AWS lambda serverless website session maintaining

Either you use Cognito or your own way of session management, beware that lambda calls share their runtime and share static state between them. Make sure that your design considers this fact and architect your session sharing accordingly.

https://www.linkedin.com/pulse/does-lambda-call-share-any-commonstate-santhosh-gandhe/


There are multiple mechanisms available in HTTP to maintain session state within web applications, such as cookies (standard HTTP header), URL parameters, URL arguments on GET requests, body arguments on POST requests, such as hidden form fields (HTML forms), or proprietary HTTP headers.

Source: Session Management Cheat Sheet

AWS Lambda has nothing to do with session management unless you want to re-invent the wheel and write Lambda functions that store/retrieve session variables from the database, in which case I'd recommend that you use Amazon Cognito for session management. See Amazon Cognito Identity SDK for JavaScript.


In the Amazon Cognito Identity SDK for Javascript, check in particular the use case 16, it shows how to retrieve the Cognito current user. You can use this function to pass from page to page the current user attributes.

    var poolData = {
        UserPoolId : '...', // Your user pool id here
        ClientId : '...' // Your client id here
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);
    var cognitoUser = userPool.getCurrentUser();

    if (cognitoUser != null) {
        cognitoUser.getSession(function(err, session) {
            if (err) {
                alert(err);
                return;
            }
            console.log('session validity: ' + session.isValid());
            // other AWS actions ...
        });
    }