HLDsystem_design~25 mins

Shopping cart and session management in HLD - System Design Exercise

Choose your learning style9 modes available

Learn Why Deep Arch Practice Challenge Design Recall Scale

Design: Shopping Cart and Session Management System

Design covers shopping cart operations and session management including storage, retrieval, and expiration. User authentication and payment processing are out of scope.

Functional Requirements

FR1: Allow users to add, update, and remove items in their shopping cart.

FR2: Maintain user session to keep the cart state across multiple requests and visits.

FR3: Support both logged-in users and guest users with temporary sessions.

FR4: Ensure cart data is consistent and available during the shopping process.

FR5: Allow cart recovery after session expiration or user logout.

FR6: Support up to 100,000 concurrent users with low latency.

FR7: Provide APIs for frontend to interact with cart and session data.

Non-Functional Requirements

NFR1: API response time p99 should be under 150ms.

NFR2: System availability should be at least 99.9% uptime.

NFR3: Session data should expire after 30 minutes of inactivity for guests.

NFR4: Persist cart data for logged-in users for at least 30 days.

NFR5: Handle sudden traffic spikes during sales events.

Think Before You Design

Questions to Ask

❓ Question 1

❓ Question 2

❓ Question 3

❓ Question 4

❓ Question 5

❓ Question 6

Key Components

API Gateway or Load Balancer

Session Store (e.g., Redis)

Cart Data Store (e.g., NoSQL or Relational DB)

Authentication Service

Cache Layer

Background Jobs for session expiration and cart cleanup

Design Patterns

Session Token Management (Cookies or JWT)

Cache Aside Pattern for cart data

Eventual Consistency for cart updates

Sticky Sessions vs Stateless Sessions

Data Expiration and TTL management

Reference Architecture

Client
  |
  v
API Gateway / Load Balancer
  |
  v
+---------------------+       +------------------+
| Session Store (Redis)|<----->| Authentication   |
+---------------------+       | Service          |
          |                   +------------------+
          v
+---------------------+
| Cart Service        |
| (Business Logic)    |
+---------------------+
          |
          v
+---------------------+
| Cart Data Store     |
| (NoSQL DB)          |
+---------------------+

Background Jobs
  |
  v
Session Expiration & Cart Cleanup

Components

API Gateway / Load Balancer

Nginx / AWS ALB

Route client requests to appropriate services and handle SSL termination.

Session Store

Redis

Store session tokens and temporary session data with TTL for fast access.

Authentication Service

OAuth2 / JWT Provider

Authenticate users and issue session tokens.

Cart Service

Node.js / Java Spring Boot

Handle cart operations like add, update, remove items and session validation.

Cart Data Store

MongoDB / DynamoDB

Persist cart data for logged-in users and support fast read/write.

Background Jobs

Cron Jobs / AWS Lambda

Clean expired sessions and carts, maintain data hygiene.

Request Flow

1. 1. Client sends request to API Gateway with session token (cookie or header).

2. 2. API Gateway forwards request to Cart Service.

3. 3. Cart Service validates session token with Session Store.

4. 4. If session valid, Cart Service fetches cart data from Cart Data Store or cache.

5. 5. Client performs cart operations (add/update/remove).

6. 6. Cart Service updates cart data in Cart Data Store and optionally cache.

7. 7. Session Store updates session TTL to keep session alive.

8. 8. Background Jobs periodically remove expired sessions and carts.

Database Schema

Entities: - User: user_id (PK), email, password_hash, created_at - Session: session_id (PK), user_id (FK nullable), cart_id (FK nullable), session_token, last_active, expires_at - Cart: cart_id (PK), user_id (FK nullable), created_at, updated_at - CartItem: cart_item_id (PK), cart_id (FK), product_id, quantity Relationships: - One User can have multiple Sessions. - One User can have one active Cart. - One Cart has many CartItems. - Guest users have sessions without user_id but with cart_id.

Scaling Discussion

Bottlenecks

Session Store overload due to high read/write traffic.

Cart Data Store slowdowns with large number of concurrent writes.

API Gateway becoming a single point of failure or bottleneck.

Background jobs causing spikes in database load during cleanup.

Solutions

Use Redis clustering and partitioning to scale Session Store horizontally.

Choose a scalable NoSQL database with auto-sharding for Cart Data Store.

Deploy multiple API Gateway instances behind a load balancer for high availability.

Schedule background jobs during off-peak hours and throttle cleanup tasks.

Interview Tips

Time: Spend 10 minutes understanding requirements and clarifying scope, 20 minutes designing components and data flow, 10 minutes discussing scaling and trade-offs, 5 minutes summarizing.

Explain how session management supports both guest and logged-in users.

Discuss trade-offs between storing cart data in session store vs persistent DB.

Highlight importance of TTL and expiration for session cleanup.

Describe how caching improves read performance for cart data.

Address scaling challenges and solutions for high concurrency.

Mention security considerations like token validation and data privacy.