Forum: NGINX nginx keeping session

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
103e3ecb1c838c6c7e52a0ee12ee6e1a?d=identicon&s=25 Glen Lumanau (Guest)
on 2008-10-22 07:47
(Received via mailing list)
Hi All,



Is nginx already supported session keeping?



For example

I have nginx load balancer in front

Then I have 2 webservers as backend server A & B

When I tried to login maybe i've logged in in server A, but when the
load
balancer move me to server B, my status is not logged in



Which module that I can use for this issue?





Regards,



Glen Lumanau
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2008-10-22 07:54
(Received via mailing list)
use central session management. it's much better (in my opinion) than
relying on sticky sessions / webservers / load balancers / etc.

use a database, or msession, or some other distributed session store
103e3ecb1c838c6c7e52a0ee12ee6e1a?d=identicon&s=25 Glen Lumanau (Guest)
on 2008-10-22 07:56
(Received via mailing list)
if using database, it will make my database server overload i tought.

Or maybe it's better to use ip_hash module?
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2008-10-22 08:02
(Received via mailing list)
depends on your visitor count, architecture, etc, etc. you can also
put in a cache like memcached in as well, there's a lot of things you
can do.
Fda08117336cfde6562315df04b976e8?d=identicon&s=25 Dave Cheney (Guest)
on 2008-10-22 08:23
(Received via mailing list)
On Tue, 21 Oct 2008 22:56:57 -0700, mike <mike503@gmail.com> wrote:
> depends on your visitor count, architecture, etc, etc. you can also
> put in a cache like memcached in as well, there's a lot of things you
> can do.
>

Or encode the session data in the cookie value, like the Rails guys do
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2008-10-22 12:36
(Received via mailing list)
eh, depending on what you're storing couldn't it hit the RFC cookie
limit pretty easily?

i suppose it has some sort of key and expiry in it so people can't
spoof alternate expiry times etc.
Fda08117336cfde6562315df04b976e8?d=identicon&s=25 Dave Cheney (Guest)
on 2008-10-22 13:15
(Received via mailing list)
> eh, depending on what you're storing couldn't it hit the RFC cookie
> limit pretty easily?

The only piece of data you would need is the user id. Everything else
can be deduced from that.

> i suppose it has some sort of key and expiry in it so people can't
> spoof alternate expiry times etc.

Not really sure, haven't used it in production and I'm not working
with rails at the moment. You make a good point thou, you probably
need two things, the user id, and an expiry time encoded in the
cookies value.

Cheers

Dave
73ad028341c045f423691da9dae1be53?d=identicon&s=25 张立冰 (Guest)
on 2008-10-22 17:12
(Received via mailing list)
session keeping?
maybe config with ip_hash can help you to do this job.
and the document http://wiki.codemongers.com/NginxHttpUpstreamModule
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2008-10-22 21:38
(Received via mailing list)
On Wed, Oct 22, 2008 at 4:08 AM, Dave Cheney <dave@cheney.net> wrote:

>> eh, depending on what you're storing couldn't it hit the RFC cookie
>> limit pretty easily?
>
> The only piece of data you would need is the user id. Everything else can be
> deduced from that.

not really saving much database load there then :P
This topic is locked and can not be replied to.