Shared session between multiple Web servers

Many of the development involved in the user's session validation is very reserved, this problem is more interesting, summed up several scenarios, for reference only.

　　[Questions raised]

In order to meet the needs of large enough applications to meet more customers, so we set up N Web server (n>=2), in the case of multiple Web servers, we will be involved in a problem: After the user logs on a server, What if I can continue to use the client's session when crossing to another server?

(The following description scenario is only for Linux/Unix + Apache + Mysql +PHP Development architecture, and of course, can also be extended to other platforms.) ）

　　[Problem Solving Solution]

Since our problems have been put in front of, then we need to solve the problem from the technical point of view, to our customers a better experience, summed up a few programs.

　　1. How to write client-side cookies

When the user login successful, the website domain name, user name, password, token, session validity time all in the form of cookies written to the client's cookie, if the user from a Web server across to another server, Our program proactively detects client cookie information, makes judgments, and then provides the corresponding service, and of course, if the cookie expires or is invalid, the user will not be allowed to continue the service. Of course, the drawbacks of this approach are self-evident, such as the client has disabled cookies or cookies stolen by hackers?

　2. How the session data is synchronized between servers

Assuming that the Web server A is all users logged on to the server, then when the user authentication login, session data will be written to a server, then you can write their own script or daemon to automatically synchronize session data to other Web servers, then when the user jumps to other servers, Then the session data is consistent, and nature can directly do the service without having to land again. The disadvantage is that it may be slow, unstable, if it is one-way synchronization, the login server problems, then other servers can not service, of course, may also consider the problem of bidirectional synchronization.

　　3. How to share session data using NFS

In fact, this scenario is similar to the following MySQL scenario, except that it is stored differently. Basically, there is a public NFS server (Network File server) to do the shared server, all the Web server log in when the session data is written to this server, then all the session data is actually stored on this NFS server, Regardless of the user access to the Web server, the server to get the session data, you can realize the sharing session data. The disadvantage is that the dependency is too strong, if the NFS server down, then everyone will not work, of course, you can consider the form of multiple NFS server synchronization.
(The classic Article on NFS: http://linux.vbird.org/linux_server/0330nfs.php)

　　4. How to share session data using MySQL database

This way is similar to NFS, but also the use of a MySQL server to do a shared server, all the session data saved to the MySQL server, all Web servers to this MySQL server to obtain session data. The disadvantage is too dependent, MySQL does not work to affect all Web servers, of course, you can consider how much mySQL database to share the session, using the way to synchronize MySQL data.

(MySQL sync I wrote article: http://blog.csdn.net/heiyeshuwu/archive/2005/10/31/520007.aspx)

　　5. Using hardware devices

This is a more mature solution, using a similar big-IP load device to achieve resource sharing, then can be a stable and reasonable sharing session. Many portals now use this approach. Shortcomings are obvious, is to charge, hardware equipment must be purchased costs, but for professional or large-scale applications, is more reasonable and worthwhile.
(about big-IP devices: http://www.f5.com.cn/channel.php?channel=product&type=BIG-IP-%D3%A6%D3%C3%C1%F7%C1%BF%B9%DC%C0 %ED&ID=36)

Shared session between multiple Web servers