WebFarms and Sessions

[eluser]minimalistic[/eluser]
Hello folks,

I'm currently deploying an application that will work on a webfarm (around 8 frontends). My problema is with session sharing. The only way I'm seeing it to pass the session_id through the querystring. And that's not pretty.

Anyone has a way?

Thank you Folks

[eluser]darkhouse[/eluser]
Unfortunately, passing the session id in the url is the only way, but you can hide it by doing a redirect. I don't know how your "web farm" is setup, but maybe you can have a library that manages the switching between the different sites, something like this:

Code:

class Webfarm {

   var $CI;

   function Webfarm(){
      $this->CI =& get_instance();
      $this->CI->load->helper('cookie');
   }

   function force($domain){      
      $cookie = get_cookie('PHPSESSID');
      redirect($domain.'/xfer/'.$cookie.$this->CI->uri->uri_string());
   }

}

So then you can put into any controller, this:

Code:

class Some_page extends Controller {

   function Some_page(){
      parent::Controller();
      $this->load->library('webfarm');
      $this->webfarm->force('somedomain.com');
   }

   function index(){
      $this->load->view('page');
   }

}

Now, in the webfarm library, in the redirect, you'll see it passing the session id and the uri string to a controller called 'xfer', which would be this:

Code:

class Xfer extends Controller {

   function Xfer(){
      parent::Controller();
   }
    
   function index($sess_id){
      $args = func_get_args();
      array_shift($args);
      $path = implode('/', $args);
      $this->load->helper('cookie');
      set_cookie('PHPSESSID', $sess_id);
      redirect($path);
   }
    
}

So there's just a couple other things to do, add a route for the xfer index:

Code:

$route['xfer/(:any)'] = "xfer/index/$1";

And change the base_url in the config file to this:

Code:

$config['base_url'] = (isset($_SERVER['HTTPS']) ? 'https' : 'http')."://".$_SERVER['HTTP_HOST'].'/';

This is untested, but I think it'll work. I did something similar on a site to transfer sessions between http and https.

[eluser]Wuushu[/eluser]
How do you store sessions? With CI in the database with a ID in the cookie? If you're load balancing between 8 frontends that each connect to the same MYSQL source.. wouldn't the cookie keep the session between the 8 frontends, and pull your session data on each request out from the MYSQL source?

I don't know your structure so I might be way off.

[eluser]darkhouse[/eluser]
As soon as you change domains, the cookie dies, and therefore can't read the data from the session.

[eluser]Wuushu[/eluser]
But he never said that they were on different domains.. I assumed they were loadbalancing the same application. My bad.

[eluser]BrianDHall[/eluser]
With this many different frontends I would assume you have a single database server they all access, right? Then unless you want to share a cookie across domains, as darkhouse and Wuushu refer to, you can just use regular CI sessions and configure it to use your MySQL database.

Otherwise getting sessions to work across multiple domains and servers sucks, because you have to use a query string or rely on some sort of AJAX solution.

It does matter, in a big way, whether or not you are using 8 front-end load-balanced sort of solution, or if you have 8 different sites on different domains on different servers.

[eluser]minimalistic[/eluser]
no no no, the domain is the same and 100% transparent to the end user. I have a load balancing solution. I was thinking in writing two hooks. One to send by post the session_id at every request and another to get that id and get the right session back. I guess I'm reiventing the wheel.

I have to be sure that the id on the cookie is acurate. Can't afford to loose session in the middle of a process. This is a govenment app and a few millions are at stake.

Ok, i'll look at the cookie and will perform some tests. I'll post back my findings.

BTW, this is a great framework. Really is. If anyone that's deciding if CI is the right one (among all the others) my advice is go for it. After a couple of weeks this is home.

Ok, I'll post back in a while.

[eluser]kurucu[/eluser]
Tt really depends on your implementation. With load sharing across a single domain a normal session will work (database or otherwise, assuming they access the same/copies of the same database).

If he's talking about different domains accessing a common core then the browser won't share cookies with the other domains.

Then an alternative to the ajax method is to run a bunch of meta/js redirects with a token inside them that was gained from the first session start. Once you know that four different sessions are actually the representing the same user across different sites, then you just replicate anything you do on the server side across all the sessions (easiest if they are just quick sql updates in a table). Another option might be to load images in the page from each domain (if there are only a few) which access PHP scripts and send the first token in the url of the image.

Once you go down this route, however, you really should guard all protected actions with an extra password confirmation.

You might remember IE clicking across different Microsoft domains when you signed into Hotmail in the old days, it was doing a very similar thing.

[eluser]Wuushu[/eluser]
No, if you're using "regular" php sessions stored on the filesystem.. it will not work even with all 8 frontends having the same domain, unless they share the same filesystem. However IF you are using CI, use the mysql-stored session type and this will not be a problem... No need to posts, ajax or the like.. The cookie information will be stored in only 2 places..

1# ID of the cookie stored in the users browser available for all 8 frontends (same domain)
2# Your database source.. where the actual data exists.. will retrieve the session info based on from the cookie ID.. it will work seamlessly


If there's something in the setup I have missed.. then I appologise

[eluser]minimalistic[/eluser]
I was making a storm on a glass of water. All work without any prob. +1 to codeigniter.

My setup is kinda complicated.

I have a frontend webfarm with 8 servers (altough they share the source through NFS session information is stored on the mysql). I have 4 MySQL servers, replicating information. 3 of them serve only selects and the fourth receives the inserts (session data is located at this server. I've modified the session class to access only this server). Session data is not replicated (don't need to).

I have 150 (more or less) simultaneous users heavily working on the application. I'm migrating the application tomorrow. Will let you know how it goes.