According session-cookie mechanism, session is stored in each server, but in a cluster with multiple servers, each their own way, will inevitably lead to log on this server, gets the session successful, but on to another server , will get less than a session, resulting in authentication failure, so that the user is very unfriendly, then how to solve this problem?
There are several treatments:
- Find a public space used to store the session, the session rather than stored on a server cluster node, in which case, each server can access this space, in order to achieve the session sharing;
- Each session is still stored on the server information, without modification, but with another synchronization mechanism, real-time synchronization session information of each server;
- Construction of a new authentication mechanism, do not use session-cookie mechanism, but want to get rid authentication mechanism relies on a single server.
In summary, to name a few of the specific implementation:
1, the database session persistence, i.e. the use of a database to store session. Database happens to be a public storage space we generally use, serve two purposes, it is recommended to use mysql database, lightweight and good performance.
Advantages: simple local materials, in line with most people's thinking, use, does not require much additional coding
Disadvantages: higher performance requirements for mysql, mysql need to get access connection from the connection pool, and because most of the requests are required to login authentication, so the database operations are very frequent, when the user reaches a certain extent, can easily cause the database bottleneck , does not apply to the processing of high concurrency.
2, using redis sharing session. redis is a key-value storage system. Can simply be understood as a database, differs from traditional database is that it will store data in memory, and comes with a hard disk memory to serialization strategy, that strategy by synchronizing the data in memory to disk, to avoid loss of data, is the more popular solutions.
Advantages: no need to increase the pressure of the database because the data stored in memory, the read is very fast, high-performance, and can handle many types of data.
Cons: Some additional coding in order to operate redis.
3, the synchronization session using memcache, memcache can implement a distributed, server memory combinations can be together to form a "memory pool" in order to serve as a public space, save session information.
Advantages: data stored in memory, the read is very fast, good performance;
Disadvantages: memcache put the memory into a variety of specifications of the memory block, large and small, can not take full advantage of internal memory, memory fragmentation, waste of resources, if insufficient storage block, will produce memory overflow.
4, by a script or daemon synchronization session between multiple servers
Pros: to achieve the session sharing;
Cons: For individuals to achieve more complex, speed instability, time delay, depending on the reality of the service running, big chance, if for accessing too fast, the situation is not successful synchronization session may occur.
5, using NFS sharing session. NFS is short for Network File Server shared server, the first to solve the shared directory between Unix hosts and networks developed by Sun Microsystems. Select one common share of the NFS server to do, store all session data required for each server session are available from here.
Advantages: better to achieve the session sharing;
Disadvantages: higher costs for individuals, difficult to achieve. NFS relying on sophisticated security mechanisms and file systems, concurrent inefficient.
6, Cookie sharing session. This scheme can be said to be inventive, and will be distributed idea used in the extreme. Analysis mentioned above, session-cookie mechanisms, and session cookie correlated to the relay station's cookie, to find the corresponding session, wherein the session is stored on the server. So if the content is stored in the session cookie in it, then it omits the process server to save the session, the background check can only be authenticated in accordance with the agreed cookie identifier.
Pros: Perfect implement distributed concept, each user will be utilized, without consuming additional server resources;
Disadvantages: http protocol header by a length limitation, information stored in the cookie should not be excessive; in order to maintain global valid cookie, it is generally dependent on the root domain, so that substantially all of the http requests need to pass the tag information in the cookie, so will some of the server's bandwidth; the whole authentication information stored in a cookie, cookie exists in the client, the server does not store information, there is a cookie may leak or the others try to figure out the rules can disguise its poor security than others, so the need for the information in the cookie encryption and decryption, to enhance their security.