473,881 Members | 1,704 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Passing/Storing Sessions on Clustered Server?

Hi all,

At work we have 2 servers in a cluster for our web apps.

One problem we have experienced (along with many others!) - is that if a
user is logged into one of the applications on server a for example and it
goes offline or fails their session is lost also - even though the
application becomes available on server b.

I have heard that it is possible to either exchange the sessions between
clustered servers or store them in a SQL Server database (probably
preferred) so that we could then restore them if such a failure should
occur.

Can anyone shed any light on this for me? Or give me some URL's to check out
and read.

Sorry this isn't a 100% pure IIS question - its obviously partly ASP also.

Thanks in advance for any help you can offer.

Regards

Robb

PS: Windows 2000 servers, SP3, Application Center 2000 SP1 (sp2 about to be
applied), SQL Server 2000 SP2 (sp3 about to be applied).
Jul 19 '05 #1
6 2258
You will need to "roll your own" sessions by putting the session data into a
database and using a cookie, hidden form field, or URL parameter to identify
the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects that
support this behavior as well.

As I understand it, .NET has most of this built-in.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@N O-SPAM.kingswoodw eb.net> wrote in message
news:J7******** *************@n ews-text.cableinet. net...
Hi all,

At work we have 2 servers in a cluster for our web apps.

One problem we have experienced (along with many others!) - is that if a
user is logged into one of the applications on server a for example and it
goes offline or fails their session is lost also - even though the
application becomes available on server b.

I have heard that it is possible to either exchange the sessions between
clustered servers or store them in a SQL Server database (probably
preferred) so that we could then restore them if such a failure should
occur.

Can anyone shed any light on this for me? Or give me some URL's to check out and read.

Sorry this isn't a 100% pure IIS question - its obviously partly ASP also.

Thanks in advance for any help you can offer.

Regards

Robb

PS: Windows 2000 servers, SP3, Application Center 2000 SP1 (sp2 about to be applied), SQL Server 2000 SP2 (sp3 about to be applied).

Jul 19 '05 #2
"Mark Schupp" wrote ...
You will need to "roll your own" sessions by putting the session data into a database and using a cookie, hidden form field, or URL parameter to identify the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects that support this behavior as well.
As I understand it, .NET has most of this built-in.


Hi Mark,

Thanks for your reply, my appologies for the delay with mine.

Just trying to think about the database/cookie/form field thing above...not
quite sure how this would work (in English let alone code)...

We have found that when one of our 2 clustered servers goes down, when the
user thats on a page on the failed server clicks to move on, submits a form,
refreshes or whatever, they simply get a blank page, as a result I'm not
sure that the above would work? There is obviously a small time delay in the
sychronization between the two servers when ones goes down..and I guess if
you're the lucky user that actions something at this point if it hasnt
sychnonized on the other server then you're stuffed...

Cookies are probably a no go...primarily because I work for the NHS
(National Health Service) in the UK and they do not like them being used,
also, whilst many of our applications cater for our own organisation within
the NHS, a lot of them are for a wider audience, and this is then were all
the different O/S's, browsers, browser settings and so forth start to eat
away at our applications.

The form field option could well work, as most of the applications have form
content on each of the pages anyway...but again I'm not sure about the above
with regards to the 'white page' etc...

Many thanks again for the reply, I will forward the information on to my
colleagues and hopefully we'll be able to get something to work - and soon!

Regards

Rob
Jul 19 '05 #3
You might want to check and see if "session" cookies are allowed. That is
what supports ASP sessions. A session cookie is an in-memory cookie (never
written to disk). Session cookies disappear when the browser is re-started.
The only thing you would keep in it would be an identifier for the user's
current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Another approach is to put the session identifier in the URL for every link
in the application (this is how "cookie munger" worked).

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@N O-SPAM.kingswoodw eb.net> wrote in message
news:br******** *************@n ews-text.cableinet. net...
"Mark Schupp" wrote ...
You will need to "roll your own" sessions by putting the session data
into a
database and using a cookie, hidden form field, or URL parameter to identify
the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects

that
support this behavior as well.
As I understand it, .NET has most of this built-in.


Hi Mark,

Thanks for your reply, my appologies for the delay with mine.

Just trying to think about the database/cookie/form field thing

above...not quite sure how this would work (in English let alone code)...

We have found that when one of our 2 clustered servers goes down, when the
user thats on a page on the failed server clicks to move on, submits a form, refreshes or whatever, they simply get a blank page, as a result I'm not
sure that the above would work? There is obviously a small time delay in the sychronization between the two servers when ones goes down..and I guess if
you're the lucky user that actions something at this point if it hasnt
sychnonized on the other server then you're stuffed...

Cookies are probably a no go...primarily because I work for the NHS
(National Health Service) in the UK and they do not like them being used,
also, whilst many of our applications cater for our own organisation within the NHS, a lot of them are for a wider audience, and this is then were all
the different O/S's, browsers, browser settings and so forth start to eat
away at our applications.

The form field option could well work, as most of the applications have form content on each of the pages anyway...but again I'm not sure about the above with regards to the 'white page' etc...

Many thanks again for the reply, I will forward the information on to my
colleagues and hopefully we'll be able to get something to work - and soon!
Regards

Rob

Jul 19 '05 #4
"Mark Schupp" wrote...
You might want to check and see if "session" cookies are allowed.
Yep - we are already using these in our applications and for our login etc..
Session cookies disappear when the browser is re-started.
If the server drops, but the client still has the web page open - does the
session still exist (I appreciate at this stage that it would not relate to
anything anymore on the server which dropped)
The only thing you would keep in it would be an identifier for the user's
current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Ok, so I've just logged in, I have a session on server A, this is created in
a database and its ID for example returned to me and saved in a session
variable.

If the server drops after a page has loaded, when I click on a link the
first thing the page I'm going to has to do is check my session("sessio nid")
or something against the database.

If I'm not creating sessions on the other server (server b) how do I still
have users time out after 20 minutes for example? Would this be by checking
the datetime the session was created in the database? And if so, presumably
each time the database is checked (at the start of each new page loading) I
should be updating this datetime if I havent exceed the 20 minutes etc?

The only problem I can still see is the white screen that I mentioned in my
initial post, where it seems that the servers havent finished doing whatever
it is they do when one fails. If I only get a white page, ie no ASP is
processed, I still wont be able to return the session info....hmmm...
Another approach is to put the session identifier in the URL for every link in the application (this is how "cookie munger" worked).


Hmm...that would require a hell of a lot of rewriting on the older
applications, and we often send URL's to various NHS professionals across
our patch - we normally try to keep this as 'simple' as possible because of
the various levels of competance (for IT at least) out there...I'm not sure
that this would be an approach we could take.

Thanks again for your reply.

Regards

Rob
Jul 19 '05 #5
You will not be able to use the ASP session id for the database key because
session ids are not unique between servers. What you need to do is create
your own session cookie (set a cookie with no expiration date) to contain a
key that you generate to identify the session in your database.

You will need to keep track of the last access time in your session table to
allow for session timeout. Check and update the time on each page access
when you load the session data (or when you update it on page exit). You may
also want a cleanup task to run periodically and delete old sessions from
the database.

The URL approach for passing the session id is what you would need if you
are not allowed to use any cookies at all. It is a lot more difficult
because you have to add it to every URL. Cookie Munger was an ISAPI filter
that would automatically convert session cookies to ids on the URL. It had
some serious drawbacks however. One was performance, it had to scan all
output HTML for links. Another was that it would not recognize URLs set in
script code (as in "document.locat ion= aURL;").

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@N O-SPAM.kingswoodw eb.net> wrote in message
news:fv******** ***********@new s-text.cableinet. net...
"Mark Schupp" wrote...
You might want to check and see if "session" cookies are allowed.
Yep - we are already using these in our applications and for our login

etc..
Session cookies disappear when the browser is re-started.
If the server drops, but the client still has the web page open - does the
session still exist (I appreciate at this stage that it would not relate

to anything anymore on the server which dropped)
The only thing you would keep in it would be an identifier for the user's current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Ok, so I've just logged in, I have a session on server A, this is created

in a database and its ID for example returned to me and saved in a session
variable.

If the server drops after a page has loaded, when I click on a link the
first thing the page I'm going to has to do is check my session("sessio nid") or something against the database.

If I'm not creating sessions on the other server (server b) how do I still
have users time out after 20 minutes for example? Would this be by checking the datetime the session was created in the database? And if so, presumably each time the database is checked (at the start of each new page loading) I should be updating this datetime if I havent exceed the 20 minutes etc?

The only problem I can still see is the white screen that I mentioned in my initial post, where it seems that the servers havent finished doing whatever it is they do when one fails. If I only get a white page, ie no ASP is
processed, I still wont be able to return the session info....hmmm...
Another approach is to put the session identifier in the URL for every link
in the application (this is how "cookie munger" worked).


Hmm...that would require a hell of a lot of rewriting on the older
applications, and we often send URL's to various NHS professionals across
our patch - we normally try to keep this as 'simple' as possible because

of the various levels of competance (for IT at least) out there...I'm not sure that this would be an approach we could take.

Thanks again for your reply.

Regards

Rob

Jul 19 '05 #6
"Mark Schupp" wrote ...
You will not be able to use the ASP session id for the database key because session ids are not unique between servers.
I had guessed that would be the case...can we not use SQL unique identifier
instead?
What you need to do is create your own session cookie (set a cookie with no expiration date) to contain a key that you generate to identify the session in your database.
So a normal localised cookie on the users PC etc?
You will need to keep track of the last access time in your session table to allow for session timeout. Check and update the time on each page access
when you load the session data (or when you update it on page exit). You may also want a cleanup task to run periodically and delete old sessions from
the database.
Gotcha so far :)
The URL approach for passing the session id is what you would need if you
are not allowed to use any cookies at all. It is a lot more difficult
because you have to add it to every URL.
Yeah, I dont think the rest of our team would be too keen on that one :)
Cookie Munger was an ISAPI filter that would automatically convert session cookies to ids on the URL. It had some serious drawbacks however. One was performance, it had to scan all
output HTML for links. Another was that it would not recognize URLs set in
script code (as in "document.locat ion= aURL;").


Deffo no go for us then as we do have a mixture of ASP and some client side
Javascript on various pages...

With regards to hitting the database continuously for the session stuff,
isn't that going to have a bit of a knock-on effect on performance? I
myself have developed one application that is used 24/7 by NHS staff who
update emergency admissions etc, they do this at the moment once every hour,
it only has about 3 pages in total which bounce back and forth to the
database etc, but multiply this by the number of locations/users etc, thats
quite a few hits to the server for the session info...

I'm still concerned about the white screen event though...I guess until we
try and test this approach we wont know...I'll not be around in the office
to test this for another week due to a .net training course, plus I'm not
sure if our development server is clustered also (probably not) - so I'll
have to speak to someone about that - it might mean that we can only test
this on a live cluster....

Thanks again for your help.

Regards

Rob
Jul 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
5947
by: Paul | last post by:
I want to use sessions to cover myself in case the user switches off cookies so I am passing the session ID manually through a hidden input field. This is what I have so far. index.php page contains: <?php $_SESSION = ""; $_SESSION = "";
5
7621
by: Raju V.K | last post by:
I am developing a web site which requires a set og unique values be transferred between pages and server many times. There fore i decided to put the values in an array so that only one reference to the array is needed ratherthan idividual reference. The situation is like this: When the page is loaded based on the user input say 6 values are created like character1="tom", character2="jerry", Character3="micky", Character4="donald",...
4
4151
by: jeff brubaker | last post by:
Hello, Currently we have a database, and it is our desire for it to be able to store millions of records. The data in the table can be divided up by client, and it stores nothing but about 7 integers. | table | | id | clientId | int1 | int2 | int 3 | ... | Right now, our benchmarks indicate a drastic increase in performance if we divide the data into different tables. For example,...
1
2277
by: Steve_CA | last post by:
Hi, The more I read, the more confused I'm getting ! (no wonder they say ignorance is bliss) I just got back from the bookstore and was flipping through some SQL Server Administration books. One says, that to get the best query performance, youi do two things:
5
6073
by: jim_geissman | last post by:
One table I manage has a clustered index, and it includes some varchar columns. When it is initially created, all the columns in the clustered index are populated, and then some of the longer varchars are populated through update queries. If the varchar columns are stored outside the clustered structure, then it would make sense to create the clustered index before populating the varchar columns. Otherwise it would make sense to wait,...
6
3265
by: Scott Zabolotzky | last post by:
I'm trying to pass a custom object back and forth between forms. This custom object is pulled into the app using an external reference to an assembly DLL that was given to me by a co-worker. A query-string flag is used to indicate to the page whether it should instantiate a new instance of the object or access an existing instance from the calling page. On the both pages I have a property of the page which is an instance of this custom...
2
4352
by: Lyle Fairfield | last post by:
'Property Clustered As Boolean 'Member of DAO.Index Private Sub IsThereaClusteredIndex() Dim tdf As DAO.TableDef Dim idx As DAO.Index For Each tdf In DBEngine(0)(0).TableDefs For Each idx In tdf.Indexes Debug.Print tdf.Name, idx.Name, idx.Primary, idx.Clustered Next idx
5
9727
by: pb648174 | last post by:
I've been doing a bit of reading and have read in quite a few places that an identity column is a good clustered index and that all or at least most tables should have a clustered index. The tool I used to generate tables made them all with non clustered indexes so I would like to drop all of them and generate clustered indexes. So my questions is a) good idea? and b) how? There are foreign key references to most of them so those would...
26
7953
by: Bookham Measures | last post by:
Hello We are planning to set-up a load balanced web environment. Accordingly, we are going to change the session management on our website from the classic ASP Session State and session variables, to a database method. Does any one have any pointers as to how I might approach this, so that I can have the same sort of functionality the ASP sessions give without having to create database columns for each session variable I wish to...
0
9776
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11095
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10716
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
10399
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9552
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7952
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5976
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
4194
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3223
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.