Many developments involve the issue of retaining user Session verification. This issue is quite interesting. Several solutions have been summarized for reference only.
[Question raised]
In order to meet large enough applications and satisfy more customers, we set up N Web servers (N>=2). In this case, we will involve a question: after a user logs in to one server, if he can continue to use the customer's Session when crossing to another server?
(The solution described below is only for the development architecture of Linux/Unix Apache Mysql PHP. Of course, it can also be extended to other platforms.)
[Problem Solution]
Since our problem It is already in front of us, so we need to solve the problem from a technical perspective and give our customers a better experience. We have summarized several solutions.
1. How to write client cookies
When the user successfully logs in, the website domain name, user name, password, token, and session validity time are all written into the client in the form of cookies. In cookies, if a user crosses from one Web server to another, our program will actively detect the client's cookie information, make a judgment, and then provide corresponding services. Of course, if the cookie expires or is invalid, it will naturally The user is not allowed to continue the service. Of course, the disadvantages of this method are self-evident. For example, if the client disables cookies or the cookies are stolen by hackers?
2. How to synchronize session data between servers
Assuming that Web server A is the server where all users log in, then when the user authenticates and logs in, the session data will be written to server A. Then you can write your own script or daemon process to automatically synchronize the session data to other web servers. Then when the user jumps to other servers, the session data will be consistent, and the service can be performed directly without logging in again. The disadvantage is that it may be slow and unstable. If there is a problem with the login server if it is one-way synchronization, other servers will not be able to serve. Of course, two-way synchronization can also be considered.
3. How to share session data using NFS
In fact, this solution is similar to the Mysql solution below, but the storage method is different. Roughly speaking, there is a public NFS server (Network File Server) as a shared server. When all Web servers log in, they write session data to this server. Then all session data are actually stored on this NFS server. , no matter which web server the user accesses, he must come to this server to obtain session data, then the session data can be shared. The disadvantage is that the dependency is too strong. If the NFS server goes down, no one will be able to work. Of course, synchronization of multiple NFS servers can be considered.
(Classic article about NFS: http://linux.vbird.org/linux_server/0330nfs.php)