Access Layer Session design principles:
1, the session-read and write request uses the context object, called the session.
Business always has a status: the user orders to purchase, login status, friend status, message delivery situation;
These stateful information varies with the user's operation.
Stand-alone environment:
- There is no session sharing problem;
- easy to handle;
- Session is saved in memory;
- High availability is not guaranteed (process hangs, downtime, session loss is not available).
Cluster Design:
--session Replication:
Synchronize session data between all Access layer servers;
Each access server holds the user's full amount of session data;
Users only need to access a machine, get fast;
High availability: Downtime part of the machine, no impact.
Problem:
--Apply to the Access layer cluster less, not a large amount of thousands of Access layer server;
-A large number of session replication, occupy the server and network resources;
--Storage of the full user session, the memory consumption is too large, and may even overflow;
Large design:
Session bindings:
Load balancer to a specific access layer server based on user requests (Uid\mac\imei, etc.)
Some websites use;
How high availability is guaranteed: Single point of issue, replication mechanism (Master-slave)
Multi-Machine Design:
Client hold session:
--session is generated by the server and stored to the client;
--Each request carries the client session;
--If the server has updates back to the client storage;
C:
--apps: recorded in the native;
b/S:
--web: Recorded in a cookie.
Disadvantages:
WEB cookie Record information size limit (e.g. 100KB);
Each request is transmitted session: Traffic, performance is affected;
The user closes, clears the session, the user request is not normal;
Advantages:
The scheme is simple and supports the seamless scaling of the service side.
High availability of the programme;
more website use;
Session High Availability cluster:
--no State of access layer;
--Unified high-availability session distributed read-write server cluster;
-State separation:
The access layer itself is stateless;
Session Cluster has Status:
Distributed Cache (Nosql-memcached/redis, RDBMS-MYSQL/MONGODB)
Access Layer Security:
The access layer is the client and server interface;
The importance of data security is self-evident;
Ensure data security: Connection channel encryption, transmission data encryption.
Client and server establish secure channel-technical solution:
All request data are encrypted, improve efficiency, use symmetric encryption algorithm;
Symmetric encryption keys are determined by using asymmetric cryptographic algorithms over two times.
The establishment of a secure channel must satisfy:
Any third party cannot forge the server;
In the case of client code, even intercepting other user-sent encryption requests cannot be decrypted.
Using https:
Encryption of data security;
One-way encryption is not recommended, and bidirectional encryption is used (secure)
Client certificate
Data encryption purposes:
Solve the problem of data plaintext;
Even interception can not be decrypted;
Data tampering cannot be guaranteed;
How to ensure data correctness:
Data signature: Both parties agree to a rule signature (md5sum, others)
Process:
- The client is signed according to the agreement;
- The server receives the data and generates md5sum values according to the rules;
- is consistent with the md5sum value in the data packet;
- The agreement is no problem, the inconsistency means that the change
High-availability access layer best practices:
module and data separation;
Session binding: Synchronous replication of each session;
General architecture notes for the Internet system