Session sharing problem in multi-server environment

1. The origin of the problem

A slightly larger website usually has several servers, each of which runs modules with different functions and uses a different second-level domain name. On a well-integrated website the user system is unified: one set of user name and password can be used to log in to every module of the site. Sharing user data between the servers is relatively easy. It only needs a database server in the backend, which each server accesses through a unified interface. One problem remains, however: after logging in on one server, users still have to log in again when they enter a module on another server. In other words, the problem is how to share SESSION data between the servers.

2. The working principle of PHP SESSION

Before solving the problem, let's first understand the working principle of PHP SESSION. When a client (such as a browser) logs in to a website, the visited PHP page can call session_start() to open a SESSION, which generates a unique identifier for the client, the SESSION ID (this ID can be obtained or set with the function session_id()). The SESSION ID can be retained on the client in two ways, so that the PHP program can learn the client's SESSION ID when different pages are requested. One is to automatically add the SESSION ID to the URL of a GET request or to the form of a POST request; by default the variable name is PHPSESSID. The other is to save the SESSION ID in a COOKIE; by default the name of this COOKIE is PHPSESSID. Here we mainly explain the COOKIE method, because it is the one most widely used.

So where is the SESSION data stored? On the server side, of course, but not in memory: it is kept in a file or a database. By default, the SESSION save handler set in php.ini is files (session.save_handler = files), that is, SESSION data is saved by reading and writing files. The directory where the SESSION files are saved is specified by session.save_path, and the file name is the prefix sess_ followed by the SESSION ID, for example: sess_c72665af28a8b14c0fe11afe3b59b51b. The data in the file is the serialized SESSION data. If the site has a lot of traffic, there may be a large number of SESSION files. In that case you can save the SESSION files in a hierarchical directory structure, which improves efficiency considerably. The setting is session.save_path="N;/save_path", where N is the number of directory levels and save_path is the starting directory. When writing SESSION data, PHP obtains the client's SESSION ID, looks for the corresponding SESSION file in the configured storage directory, creates it if it does not exist, and finally writes the serialized data to the file. Reading SESSION data works in a similar way: the data that is read is deserialized to produce the corresponding SESSION variables.

3. The main obstacles and solutions of multi-server sharing of SESSION

From the working principle of SESSION we can see that, by default, each server generates its own SESSION ID for the same client. For example, for the same user browser, the SESSION ID generated by server A is 30de1e9de3192ba6ce2992d27a1b6a0a, while the one generated by server B is c72665af28a8b14c0fe11afe3b59b51b. In addition, PHP's SESSION data is stored in each server's own file system. As shown below:


Once the problem is identified, we can start to fix it. To share SESSION data, two goals must be achieved. The first is that the SESSION ID generated by each server for the same client must be the same and must be passed through the same cookie, that is, every server must be able to read the same cookie named PHPSESSID. The second is that the storage method and location of the SESSION data must be accessible to every server.

Simply put, the servers must share the client's SESSION ID and must also share the server-side SESSION data. The first goal is actually very simple to achieve: it only requires a special setting for the COOKIE domain. By default, the COOKIE domain is the domain name or IP address of the current server, and cookies set for different domains cannot be accessed across them. For example, the server of www.aaa.com cannot read or write the cookies set by the server of www.bbb.com. The servers of a single website, which is what we are talking about here, are a special case: they belong to the same first-level domain. For example, aaa.infor96.com and www.infor96.com both belong to the domain .infor96.com, so we can set the cookie's domain to .infor96.com, and aaa.infor96.com, www.infor96.com and so on can all access this cookie. The setting in the PHP code is as follows:

<?php
// Must be called before session_start() to take effect.
ini_set('session.cookie_domain', '.infor96.com');
?>

In this way, every server shares the same client SESSION ID.

 

 

 




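The second goal can be achieved with file sharing, such as NFS, but that is somewhat complicated to set up and operate. Instead, we can follow the unified user system approach mentioned earlier and use a database to store the SESSION data, so that every server can conveniently access the same data source and obtain the same SESSION data.
The solution is shown in the figure below: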


