How do I maintain session information that logs the user's login status after the application server has been load balanced? With cookies? But it doesn't feel safe.
Reply content:
How do I maintain session information that logs the user's login status after the application server has been load balanced? With cookies? But it doesn't feel safe.
Several ideas:
1, the load algorithm uses IP hash, each time the same IP request forwarded to the same WEB server.
The disadvantage is that all WEB servers can not be effectively used to do a balanced load, the general load algorithm is Round Robin.
2, rewrite session handler, the session with the database to store.
The disadvantage is that if the traffic is high, the IO throughput is too high to affect website performance.
3. Set the default storage path of the session to a piece of storage area on NFS so that all WEB servers can be shared.
The disadvantage is that once NFS hangs, the session is no longer available.
4, the simplest, the php.ini in the session save handler set to Memcache or Redis.
Recommended for Memcache. If using Redis, there is no easy-to-use cluster solution, and Redis will write data back to the hard disk, completely unnecessary. and memcache only need very few configuration can do cluster, data operation completely in memory, speed leverage drops.
The cookie stores a key, the specific information exists in the database, can use Memcache/redis these memory-based key-value storage to accelerate
@socrates provides a method, in addition to the IP can be hashed to send the same user's request to the same backend, Nginx has this simple session-keeping function.
The load balancing session remains, and the same user request is sent to a server. This is more reliable.
Very critical work number
- Load-balanced session stickiness increases load balancing because the correspondence between IP and upstream servers needs to be recorded
- The session exists in the Key-value database. Save the key Cookie,value the database. Key is generally very complex and difficult to guess, so there is no serious problem even with cookies. It is not difficult to recommend this approach, Key-value database can also avoid single point of failure
Using a unified session service can be stored in MC or Redis
It can be deposited into structured storage (memcached, etc.)