Nginx keeping session


#1

Hi All,

Does nginx already support session keeping?

For example

I have nginx load balancer in front

Then I have 2 webservers as backend server A & B

When I tried to log in, maybe I’ve logged in on server A, but when the
load balancer moves me to server B, my status is not logged in.

Which module can I use for this issue?

Regards,

Glen L.


#2

use central session management. it’s much better (in my opinion) than
relying on sticky sessions / webservers / load balancers / etc.

use a database, or msession, or some other distributed session store


#3

If using a database, it will make my database server overloaded, I thought.

Or maybe it’s better to use ip_hash module?


#4

depends on your visitor count, architecture, etc, etc. you can also
put in a cache like memcached in as well, there’s a lot of things you
can do.


#5

On Tue, 21 Oct 2008 22:56:57 -0700, mike wrote:

> depends on your visitor count, architecture, etc, etc. you can also
> put in a cache like memcached in as well, there’s a lot of things you
> can do.

Or encode the session data in the cookie value, like the Rails guys do


#6

> eh, depending on what you’re storing couldn’t it hit the RFC cookie
> limit pretty easily?

The only piece of data you would need is the user id. Everything else
can be deduced from that.

> i suppose it has some sort of key and expiry in it so people can’t
> spoof alternate expiry times etc.

Not really sure, haven’t used it in production and I’m not working
with rails at the moment. You make a good point though, you probably
need two things, the user id, and an expiry time encoded in the
cookie’s value.

Cheers

Dave
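
The cookie idea from posts #5 to #7, as an added example that is not part of the original thread and not Rails' own format: a cookie carrying only the user id and an expiry time, with an HMAC-SHA256 tag over both so neither can be altered by the client. The function names, the `uid.expires.tag` layout and the constructed demo key are assumptions; every backend behind the load balancer must hold the same key.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key (assumption). In production, load a random secret
# from configuration and deploy the same value to server A and server B.
SECRET = b"constructed-demo-key-shared-by-all-backends"


def _tag(payload: str, key: bytes) -> bytes:
    """URL-safe base64 of HMAC-SHA256(key, payload), without padding."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def make_cookie(user_id: int, ttl: int, key: bytes = SECRET, now=None) -> str:
    """Build 'uid.expires.tag'; expires is a Unix timestamp inside the MAC."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{int(user_id)}.{expires}"
    return f"{payload}.{_tag(payload, key).decode()}"


def read_cookie(cookie: str, key: bytes = SECRET, now=None):
    """Return the user id, or None if the cookie is malformed, forged or expired."""
    try:
        uid, expires, tag = cookie.split(".")
        supplied = tag.encode()
        expected = _tag(f"{uid}.{expires}", key)
    except (ValueError, UnicodeError):
        return None
    # Verify the tag in constant time before trusting any field.
    if not hmac.compare_digest(supplied, expected):
        return None
    if not (uid.isdigit() and expires.isdigit()):
        return None
    # The expiry is covered by the MAC, so a client cannot extend it.
    if int(expires) <= (time.time() if now is None else now):
        return None
    return int(uid)
```

The value is signed, not encrypted, so the user id is readable by the client. A cookie like this stays valid until its expiry unless the server also keeps some state to revoke it.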


#7

eh, depending on what you’re storing couldn’t it hit the RFC cookie
limit pretty easily?

i suppose it has some sort of key and expiry in it so people can’t
spoof alternate expiry times etc.


#8

On Wed, Oct 22, 2008 at 4:08 AM, Dave C. wrote:

> > eh, depending on what you’re storing couldn’t it hit the RFC cookie
> > limit pretty easily?
>
> The only piece of data you would need is the user id. Everything else can be
> deduced from that.

not really saving much database load there then :P


#9

session keeping?
maybe config with ip_hash can help you to do this job.
and the document http://wiki.codemongers.com/NginxHttpUpstreamModule