Forum: NGINX nginx keeping session

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Glen L. (Guest)
on 2008-10-22 09:47
(Received via mailing list)
Hi All,



Is nginx already supported session keeping?



For example

I have nginx load balancer in front

Then I have 2 webservers as backend server A & B

When I tried to login maybe i've logged in in server A, but when the
load
balancer move me to server B, my status is not logged in



Which module that I can use for this issue?





Regards,



Glen L.
mike (Guest)
on 2008-10-22 09:54
(Received via mailing list)
use central session management. it's much better (in my opinion) than
relying on sticky sessions / webservers / load balancers / etc.

use a database, or msession, or some other distributed session store
Glen L. (Guest)
on 2008-10-22 09:56
(Received via mailing list)
if using database, it will make my database server overload i tought.

Or maybe it's better to use ip_hash module?
mike (Guest)
on 2008-10-22 10:02
(Received via mailing list)
depends on your visitor count, architecture, etc, etc. you can also
put in a cache like memcached in as well, there's a lot of things you
can do.
Dave C. (Guest)
on 2008-10-22 10:23
(Received via mailing list)
On Tue, 21 Oct 2008 22:56:57 -0700, mike <removed_email_address@domain.invalid> 
wrote:
> depends on your visitor count, architecture, etc, etc. you can also
> put in a cache like memcached in as well, there's a lot of things you
> can do.
>

Or encode the session data in the cookie value, like the Rails guys do
mike (Guest)
on 2008-10-22 14:36
(Received via mailing list)
eh, depending on what you're storing couldn't it hit the RFC cookie
limit pretty easily?

i suppose it has some sort of key and expiry in it so people can't
spoof alternate expiry times etc.
Dave C. (Guest)
on 2008-10-22 15:15
(Received via mailing list)
> eh, depending on what you're storing couldn't it hit the RFC cookie
> limit pretty easily?

The only piece of data you would need is the user id. Everything else
can be deduced from that.

> i suppose it has some sort of key and expiry in it so people can't
> spoof alternate expiry times etc.

Not really sure, haven't used it in production and I'm not working
with rails at the moment. You make a good point thou, you probably
need two things, the user id, and an expiry time encoded in the
cookies value.

Cheers

Dave
张立冰 (Guest)
on 2008-10-22 19:12
(Received via mailing list)
session keeping?
maybe config with ip_hash can help you to do this job.
and the document http://wiki.codemongers.com/NginxHttpUpstreamModule
mike (Guest)
on 2008-10-22 23:38
(Received via mailing list)
On Wed, Oct 22, 2008 at 4:08 AM, Dave C. <removed_email_address@domain.invalid> 
wrote:

>> eh, depending on what you're storing couldn't it hit the RFC cookie
>> limit pretty easily?
>
> The only piece of data you would need is the user id. Everything else can be
> deduced from that.

not really saving much database load there then :P
This topic is locked and can not be replied to.