Managing the session state is one of the important challenges in distributing and scaling web applications. HTTP is a stateless protocol. The state of the user interactions with web applications is typically managed in HttpSession.

It is important to have as little data as possible in a session. Focus on identifying and removing data that is not needed in the session.

Consider a distributed application with three instances, as shown here. Each of these instances has its own local session copy:

Imagine a user is being currently served from App Instance 1. Imagine if App Instance 1 goes down and the load balancer sends the user to App Instance 2. App Instance 2 is not aware of the session state that was available with App Instance 1. The user has to log in and start off again. That's not a good user experience.

Spring Session provides features to externalize your session store. Instead of using the local HttpSession, Spring Session provides alternatives to store the session state to different data stores:

Spring Session also provides a clear Separation of Concerns. The application code remains the same irrespective of the session data store being used. We can switch between session data stores through configuration.