How can i manage sessions between 2 or more web servers are using to manage Load balancing ?
The points that i found are
Use database session CDbHttpSession
Use cache session CCacheHttpSession
Use Security manager CSecurityManager
As Yii project Lead Qiang said , There is only one thing you need to be careful, that is the validationKey of CSecurityManager. By default, this key is automatically/randomly generated the first time and is stored under runtime directory. In multiple server environment, you should explicitly configure this property so that all servers share the same key. This key is used widely to generate hash keys for various security-related measures.
You have a couple of options:
1) If your load balancer supports it, you can enable session persistence so that the user always is sent to the same server as the one they originally hit. The benefit of this is that it's easy to setup if you don't want to change any code. The downside is that if one of your servers goes down you lose all your sessions on that node.
2) Setup a shared memcache (not memcached) session between node1 and node2. The relevant settings being.
php.ini
session.save_handler memcache
session.save_path tcp://<ip1>, tcp://<ip2>
memcache.ini
memcache.allow_failover 1
memcache.default_port 11211
memcache.hash_strategy standard
memcache.max_failover_attempts 20
It's a little tricky to setup, but once you get it working you have full redundancy between both servers if one were to go down.
3) Setup a third node to manage sessions and configure php session.save_path to be that server's ip. The benefit of this is that sessions are now managed by a third server. The downside being you lose redundancy, if that server goes down you lose sessions.
this is the best answer that i got . But I cant Use APC !!
Is there any other methods ?
Related
I have three servers for single domain
I'm using nginx as loadbalancer.
I want to share php sessions across these servers.
My application is heavily dependent on session. storing sessions in files is bad idea. i'm using memcached for this.
how exactly and efficiently should i configure memcached to read and write sessions and share between servers quickly.
or any other good alternative suggestion.
As I read your question, it looks like you installed Memcache on every server (and that's why you ask about "sharing between servers" ?).
What I would do is have a server where you ONLY have Memcached on it. Each web server would connect to your instance of Memcache. You can also have a pool of Memcache servers if needed and Memcache will take care of distributing your data and sessions correctly.
First, you may want to change the way sessions are handled in PHP (for each server) in order to read session's data in Memcache. Your php.ini file will need this:
[Session]
; Handler used to store/retrieve data.
session.save_handler = memcache[d] ; memcache or memcached
session.save_path = "127.0.0.1:11211"
See how Session Handlers work. Note that you can use memcache or memcached extension. They are not the same.
Here is the documentation for both extensions:
Memcache
Memcached
If you want more details about the right memcache to pick, I suggest you check this:
https://serverfault.com/questions/63383/memcache-vs-memcached
Note that storing sessions in Memcache can be problematic. If Memcache is stopped (for whatever reason) you will loose all data you have in it. You may want to consider storing your sessions in a database and also have them in Memcache to speedup the process.
You can build a custom Session Handler to do that and make sure it suits your needs. You can read more about The SessionHandler class.
Finally, if you are open to suggestion, I would also consider using Redis instead of Memcache as it offers more features and will enable you to reload data if shutdown correctly.
I'm working with a couple of Web Servers behind a Load Balancer and I can enable Sticky Sessions to hold a user to the one specific Web Servers - this will work.
I have been reading about PHP Sessions & MemCache. I must say what I've read is a touch confusing as some pages say its a good idea and others the opposite.
Questions:
is it possible to keep php sessions in memcache?
is it better to use sticky sessions over memcache?
what are the problems with php sessions in memcache - note: I can get enough cache (amazon so its expandable).
1: YES. And I strongly recommend storing PHP sessions in Memcached. Here's why:
Memcached is great for storing small chunks of data that are frequently accessed by the database and filesystem.
Memcached was designed specifically for sessions. It was originally the brainchild of the lead developer of livejournal.com and later used to also cache the content of users' posts. The benefit was immediate: most of the action was taking place in memory. Page load times greatly improved.
Thankfully, PHP and Apache have an easy implementation to handle sessions with Memcached. Simply install with a few shell commands
example for Debian:
sudo apt-get -t stable install php7.4-memcached
and
change your php.ini settings to something similar to:
(taken from https://www.php.net/manual/en/memcached.sessions.php)
session.save_handler = memcached
; change server:port to fit your needs...
session.save_path = "localhost:11211"
The key is the session.save_path
It will no longer point to a relative file path on your server.
APC was mentioned - APC for the caching of .php files used by the program. APC and Memcached will reduce IO significantly and leave Apache/Nginx free to server resources, such as images, faster.
2: No
3: The fundamental disadvantage of using Memcached is data volatility
Session data is not persistent in Memcached. So if and when the server crashes, all data in memory is lost. Everyone will have to log in again.
And then you have memory consumption...
Remember: the sessions are stored in the memory. If your website handles a large number of concurrent users, you may have to shell out a little extra money for a larger memory allocation.
1. Yes, it is possible to keep PHP sessions in memcached.
The memcache extension even comes with a session handler that takes very little configuration to get up and running. http://php.net/manual/en/memcached.sessions.php
2. Memcache/Sticky Sessions
I don't really know which is "better". I feel this is going to be one of those "it depends" answers. It likely depends on your reasons for load balancing. If a small number of users cause lots of load each, or if it's a large number causing a small load each.
3. Cons of Memcache
There are probably 2 main cons to using memcache for sessions storage.
Firstly, it is volatile. This means, if one of your memcached instances is restarted/crashes etc. any sessions stored in that instance are lost. While if they were using traditional file based sessions, they will be still there when the server returns.
Secondly and probably more relevant, memcached doesn't guarantee persistance, it is only meant to be a cache. Data can be purged from memcached at any time, for any reason. While, in reality, the only reasons data should be purged is if the cache is nearing its size limits. The least recently accessed data will be expelled. Again, this might not be an issue, as the user is probably gone if their session is stale, but it depends on your needs.
If you want to use "memcacheD" extension not "memcache" (there are two different extensions) for session control, you should pay attention to modify php.ini.
Most web resources from Google is based on memcache because it's earlier version than memcacheD. They will say as following:
session.save_handler = memcache
session.save_path = "tcp://localhost:11211"
But it's not valid when it comes to memcacheD.
You should modify php.ini like that:
session.save_handler = memcached
session.save_path = "localhost:11211"
There is no protocol indentifier.
From: http://php.net/manual/en/memcached.sessions.php#99646
As my point of view its not recommended storing sessions in Memcached.If a session disappears, often the user is logged out,If a portion of a cache disappears or either due to a hardware crash it should not cause your users noticable pain.According to the memcached site, “memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.” So while developing your application, remember that you must have a fall-back mechanism to retrieve the data once it is not found in the Memcached server.
All,
I have a PHP5 web application written with Zend Framework and MVC. This application is installed on 2 servers with the same setup. Server X has php5/MySql/Apache and Server Y also have the same. We don't have a common DB server between both the servers.
My application works when accessed individually via https on Server X and Server Y. But when we turn on load balancing and have both servers up, the sessions get lost.
How can I make sure my sessions persist across servers? Should I maintain my db on a third server and write sessions to it? IF so, what's the easiest and most secure way to do it?
Thanks
memcached is a popular way to solve this problem. You just need to get it up and running (easy) and update your php.ini file to tell it to use memcached as the session storage.
In php.ini you would modify:
session.save_handler = memcache
session.save_path = ""
For the general idea: PHP Sessions in Memcached.
There are any number of tutorials on setting up the Zend session handler to work with memcached. Take your pick.
Should I maintain my db on a third
server and write sessions to it?
Yes, one way to handle it is to have a 3rd machine running the database that both webservers use for the application. I've done that for several projects in the past and its worked well. The question with that approach is... is the bottleneck at the webservers or the database. If its at the database, you wont see much improvement by throwing load balancing of the web servers into the mix. You may need to instead think of mirroring schemes for the database.
Another option is to use the sticky sessions feature on your load balancer. What this will do is keep users on certain servers. So when user 1 comes to the site, they will be directed to server X. Every subsequent request will also be directed to server X. This allows you to not worry about persisting sessions between servers, as each user will continue to be directed to the server they have their session on.
The one downside of this is that when you take a web server out of the pool, half the users with a session will be logged out. So the effectiveness of this solution depends on how often you take servers out of the pool.
If I am running more than two instances of a server (using rackspace-cloud's ip groups), how do I manage my sessions with PHP?
Is there a way to make users 'sticky' to the server they logged into originally? I do use memcached, but all of the cloud systems have memcached on them, I need to insure a users session gets to the right server.
I do not want a single point of failure.
Use something other than files for session management. PHP allows you to overwrite the handler. I use memcache. There is a PECL extension for it as well: http://www.dotdeb.org/2008/08/25/storing-your-php-sessions-using-memcached/
Here's another article on it: http://www.ducea.com/2009/06/02/php-sessions-in-memcached/
UPDATE
To address issues from the comments:
This allows you to use a central set of memcache machines for sessions. Instead of each server looking locally at its filesystem, it will look to a central memcache cluster you define.
The memcache cluster can be as many machines as you like, to avoid a single point of failure. Here is an example config from php.ini:
extension=memcache.so
memcache.allow_failover = 1
memcache.redundancy = 1
memcache.session_redundancy = 2
; Use memcache as a session handler
session.save_handler = memcache
; Use a comma separated list of server urls to use for storage:
session.save_path="udp://:11211?persistent=1&weight=1&timeout=1&retry_interval=15"
We having been using multiple webservers for our cakephp application,
problem is there are two cache directories, server 2 is clearing his cache before doing any insertion in his database. But server 1 doesn't know the about the database has been changed , so server 1 cached is not cleared
When new web request comes to server 2 , he creates new cache files and return good results. BUT when it comes to server 1 , he show same old results :( .
I wonder is there any way we can share the cache directory among various physical servers, without compromising with performance.
We may increase the web servers, so please recommend good long term solution for this
Thanks for reading
I would look into using Memcache as for your caching mechanism. You can set up the Memcache daemon (memcached) on one server and then connect both servers to the one cache. See the core.php for set up details. Of course you will also have to install the memcache php ext and the daemon, but it will be worth it.
Easiest way would be setting up the cache directory to be served from an nfs (file) server. You wouldn't have to change anything else.
For performance i'd also stick to Memcache as bucho said, but it will likely require you to change your application code.