wiki/reviews/20260111 doc_session_handling_summary_operations.md

# PowerOn Gateway - Session Handling for Horizontal Scaling

## Executive Summary

**Status: ✅ READY FOR HORIZONTAL SCALING**

The PowerOn Gateway uses a stateless, database-backed session architecture that supports horizontal scaling with load balancers. User sessions persist across multiple gateway instances without requiring sticky sessions or shared in-memory storage.

---

## Architecture Overview

### Session Management Approach

**Authentication Method**: JWT tokens stored in httpOnly cookies
- Access token: `auth_token` cookie
- Refresh token: `refresh_token` cookie
- Tokens contain user context (userId, mandateId, sessionId)

**Token Validation**: Database-backed
- All tokens stored in `Token` database table
- Each request validates token against database
- Token status: ACTIVE or REVOKED
- No in-memory session storage (no Redis/Memcached)

**Key Characteristics**:
- ✅ Stateless backend design
- ✅ Database as single source of truth
- ✅ Cookie-based token transmission
- ✅ Independent token validation per instance

---

## Load Balancer Configuration

### Recommended Settings

| Setting | Value | Notes |
|---------|-------|-------|
| **Session Affinity** | **NOT REQUIRED** | Can use round-robin or least-connections |
| **Health Checks** | Standard HTTP | Standard endpoint health checks |
| **Cookie Handling** | Default | Browser handles cookies automatically |
| **Sticky Sessions** | **NOT NEEDED** | Gateway instances are stateless |

### Cookie Configuration

Current cookie settings (configured in code):
- `path="/"` - Available across all paths
- `samesite="strict"` - CSRF protection
- `httponly=True` - XSS protection
- `secure` - Enabled when using HTTPS

**No special load balancer cookie configuration required.**

---

## Deployment Requirements

### Database Configuration

**Requirements for Logical Database**:
- Single logical database instance (shared across all gateway instances)
- Database must be accessible from all gateway instances
- Database must support concurrent connections from multiple instances
- Each gateway instance requires proper database connection pooling
- Database should handle concurrent token validation queries efficiently

**Token Table**: Contains all session state
- Token ID (jti)
- User ID, Session ID, Mandate ID
- Status (ACTIVE/REVOKED)
- Expiration timestamps

### Gateway Instance Configuration

Each gateway instance:
- ✅ Operates independently
- ✅ Validates tokens via database queries
- ✅ No shared state with other instances
- ✅ Can be added/removed without affecting active sessions


### Key Points for Operations

1. ✅ **No sticky sessions required** - Load balancer can distribute requests freely
2. ✅ **Shared logical database required** - All instances access the same database
3. ✅ **Instances are independent** - Can add/remove instances without downtime
4. ✅ **Sessions persist across instances** - Users won't lose sessions during failover

---


*Document prepared for Operations Center*, Patrick Motsch, PowerON AG, 2026-01-11