473,325 Members | 2,774 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Passing/Storing Sessions on Clustered Server?

Hi all,

At work we have 2 servers in a cluster for our web apps.

One problem we have experienced (along with many others!) - is that if a
user is logged into one of the applications on server a for example and it
goes offline or fails their session is lost also - even though the
application becomes available on server b.

I have heard that it is possible to either exchange the sessions between
clustered servers or store them in a SQL Server database (probably
preferred) so that we could then restore them if such a failure should
occur.

Can anyone shed any light on this for me? Or give me some URL's to check out
and read.

Sorry this isn't a 100% pure IIS question - its obviously partly ASP also.

Thanks in advance for any help you can offer.

Regards

Robb

PS: Windows 2000 servers, SP3, Application Center 2000 SP1 (sp2 about to be
applied), SQL Server 2000 SP2 (sp3 about to be applied).
Jul 19 '05 #1
6 2219
You will need to "roll your own" sessions by putting the session data into a
database and using a cookie, hidden form field, or URL parameter to identify
the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects that
support this behavior as well.

As I understand it, .NET has most of this built-in.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@NO-SPAM.kingswoodweb.net> wrote in message
news:J7*********************@news-text.cableinet.net...
Hi all,

At work we have 2 servers in a cluster for our web apps.

One problem we have experienced (along with many others!) - is that if a
user is logged into one of the applications on server a for example and it
goes offline or fails their session is lost also - even though the
application becomes available on server b.

I have heard that it is possible to either exchange the sessions between
clustered servers or store them in a SQL Server database (probably
preferred) so that we could then restore them if such a failure should
occur.

Can anyone shed any light on this for me? Or give me some URL's to check out and read.

Sorry this isn't a 100% pure IIS question - its obviously partly ASP also.

Thanks in advance for any help you can offer.

Regards

Robb

PS: Windows 2000 servers, SP3, Application Center 2000 SP1 (sp2 about to be applied), SQL Server 2000 SP2 (sp3 about to be applied).

Jul 19 '05 #2
"Mark Schupp" wrote ...
You will need to "roll your own" sessions by putting the session data into a database and using a cookie, hidden form field, or URL parameter to identify the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects that support this behavior as well.
As I understand it, .NET has most of this built-in.


Hi Mark,

Thanks for your reply, my appologies for the delay with mine.

Just trying to think about the database/cookie/form field thing above...not
quite sure how this would work (in English let alone code)...

We have found that when one of our 2 clustered servers goes down, when the
user thats on a page on the failed server clicks to move on, submits a form,
refreshes or whatever, they simply get a blank page, as a result I'm not
sure that the above would work? There is obviously a small time delay in the
sychronization between the two servers when ones goes down..and I guess if
you're the lucky user that actions something at this point if it hasnt
sychnonized on the other server then you're stuffed...

Cookies are probably a no go...primarily because I work for the NHS
(National Health Service) in the UK and they do not like them being used,
also, whilst many of our applications cater for our own organisation within
the NHS, a lot of them are for a wider audience, and this is then were all
the different O/S's, browsers, browser settings and so forth start to eat
away at our applications.

The form field option could well work, as most of the applications have form
content on each of the pages anyway...but again I'm not sure about the above
with regards to the 'white page' etc...

Many thanks again for the reply, I will forward the information on to my
colleagues and hopefully we'll be able to get something to work - and soon!

Regards

Rob
Jul 19 '05 #3
You might want to check and see if "session" cookies are allowed. That is
what supports ASP sessions. A session cookie is an in-memory cookie (never
written to disk). Session cookies disappear when the browser is re-started.
The only thing you would keep in it would be an identifier for the user's
current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Another approach is to put the session identifier in the URL for every link
in the application (this is how "cookie munger" worked).

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@NO-SPAM.kingswoodweb.net> wrote in message
news:br*********************@news-text.cableinet.net...
"Mark Schupp" wrote ...
You will need to "roll your own" sessions by putting the session data
into a
database and using a cookie, hidden form field, or URL parameter to identify
the session. There are a number of articles out there on this. Also see
www.aspfaq.com. There are also a number of 3rd-party "session" objects

that
support this behavior as well.
As I understand it, .NET has most of this built-in.


Hi Mark,

Thanks for your reply, my appologies for the delay with mine.

Just trying to think about the database/cookie/form field thing

above...not quite sure how this would work (in English let alone code)...

We have found that when one of our 2 clustered servers goes down, when the
user thats on a page on the failed server clicks to move on, submits a form, refreshes or whatever, they simply get a blank page, as a result I'm not
sure that the above would work? There is obviously a small time delay in the sychronization between the two servers when ones goes down..and I guess if
you're the lucky user that actions something at this point if it hasnt
sychnonized on the other server then you're stuffed...

Cookies are probably a no go...primarily because I work for the NHS
(National Health Service) in the UK and they do not like them being used,
also, whilst many of our applications cater for our own organisation within the NHS, a lot of them are for a wider audience, and this is then were all
the different O/S's, browsers, browser settings and so forth start to eat
away at our applications.

The form field option could well work, as most of the applications have form content on each of the pages anyway...but again I'm not sure about the above with regards to the 'white page' etc...

Many thanks again for the reply, I will forward the information on to my
colleagues and hopefully we'll be able to get something to work - and soon!
Regards

Rob

Jul 19 '05 #4
"Mark Schupp" wrote...
You might want to check and see if "session" cookies are allowed.
Yep - we are already using these in our applications and for our login etc..
Session cookies disappear when the browser is re-started.
If the server drops, but the client still has the web page open - does the
session still exist (I appreciate at this stage that it would not relate to
anything anymore on the server which dropped)
The only thing you would keep in it would be an identifier for the user's
current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Ok, so I've just logged in, I have a session on server A, this is created in
a database and its ID for example returned to me and saved in a session
variable.

If the server drops after a page has loaded, when I click on a link the
first thing the page I'm going to has to do is check my session("sessionid")
or something against the database.

If I'm not creating sessions on the other server (server b) how do I still
have users time out after 20 minutes for example? Would this be by checking
the datetime the session was created in the database? And if so, presumably
each time the database is checked (at the start of each new page loading) I
should be updating this datetime if I havent exceed the 20 minutes etc?

The only problem I can still see is the white screen that I mentioned in my
initial post, where it seems that the servers havent finished doing whatever
it is they do when one fails. If I only get a white page, ie no ASP is
processed, I still wont be able to return the session info....hmmm...
Another approach is to put the session identifier in the URL for every link in the application (this is how "cookie munger" worked).


Hmm...that would require a hell of a lot of rewriting on the older
applications, and we often send URL's to various NHS professionals across
our patch - we normally try to keep this as 'simple' as possible because of
the various levels of competance (for IT at least) out there...I'm not sure
that this would be an approach we could take.

Thanks again for your reply.

Regards

Rob
Jul 19 '05 #5
You will not be able to use the ASP session id for the database key because
session ids are not unique between servers. What you need to do is create
your own session cookie (set a cookie with no expiration date) to contain a
key that you generate to identify the session in your database.

You will need to keep track of the last access time in your session table to
allow for session timeout. Check and update the time on each page access
when you load the session data (or when you update it on page exit). You may
also want a cleanup task to run periodically and delete old sessions from
the database.

The URL approach for passing the session id is what you would need if you
are not allowed to use any cookies at all. It is a lot more difficult
because you have to add it to every URL. Cookie Munger was an ISAPI filter
that would automatically convert session cookies to ids on the URL. It had
some serious drawbacks however. One was performance, it had to scan all
output HTML for links. Another was that it would not recognize URLs set in
script code (as in "document.location= aURL;").

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Rob Meade" <ro********@NO-SPAM.kingswoodweb.net> wrote in message
news:fv*******************@news-text.cableinet.net...
"Mark Schupp" wrote...
You might want to check and see if "session" cookies are allowed.
Yep - we are already using these in our applications and for our login

etc..
Session cookies disappear when the browser is re-started.
If the server drops, but the client still has the web page open - does the
session still exist (I appreciate at this stage that it would not relate

to anything anymore on the server which dropped)
The only thing you would keep in it would be an identifier for the user's current logged on session (not an identifier for the user him(her)self).
That identifier would allow you to look up other session data in a database.

Ok, so I've just logged in, I have a session on server A, this is created

in a database and its ID for example returned to me and saved in a session
variable.

If the server drops after a page has loaded, when I click on a link the
first thing the page I'm going to has to do is check my session("sessionid") or something against the database.

If I'm not creating sessions on the other server (server b) how do I still
have users time out after 20 minutes for example? Would this be by checking the datetime the session was created in the database? And if so, presumably each time the database is checked (at the start of each new page loading) I should be updating this datetime if I havent exceed the 20 minutes etc?

The only problem I can still see is the white screen that I mentioned in my initial post, where it seems that the servers havent finished doing whatever it is they do when one fails. If I only get a white page, ie no ASP is
processed, I still wont be able to return the session info....hmmm...
Another approach is to put the session identifier in the URL for every link
in the application (this is how "cookie munger" worked).


Hmm...that would require a hell of a lot of rewriting on the older
applications, and we often send URL's to various NHS professionals across
our patch - we normally try to keep this as 'simple' as possible because

of the various levels of competance (for IT at least) out there...I'm not sure that this would be an approach we could take.

Thanks again for your reply.

Regards

Rob

Jul 19 '05 #6
"Mark Schupp" wrote ...
You will not be able to use the ASP session id for the database key because session ids are not unique between servers.
I had guessed that would be the case...can we not use SQL unique identifier
instead?
What you need to do is create your own session cookie (set a cookie with no expiration date) to contain a key that you generate to identify the session in your database.
So a normal localised cookie on the users PC etc?
You will need to keep track of the last access time in your session table to allow for session timeout. Check and update the time on each page access
when you load the session data (or when you update it on page exit). You may also want a cleanup task to run periodically and delete old sessions from
the database.
Gotcha so far :)
The URL approach for passing the session id is what you would need if you
are not allowed to use any cookies at all. It is a lot more difficult
because you have to add it to every URL.
Yeah, I dont think the rest of our team would be too keen on that one :)
Cookie Munger was an ISAPI filter that would automatically convert session cookies to ids on the URL. It had some serious drawbacks however. One was performance, it had to scan all
output HTML for links. Another was that it would not recognize URLs set in
script code (as in "document.location= aURL;").


Deffo no go for us then as we do have a mixture of ASP and some client side
Javascript on various pages...

With regards to hitting the database continuously for the session stuff,
isn't that going to have a bit of a knock-on effect on performance? I
myself have developed one application that is used 24/7 by NHS staff who
update emergency admissions etc, they do this at the moment once every hour,
it only has about 3 pages in total which bounce back and forth to the
database etc, but multiply this by the number of locations/users etc, thats
quite a few hits to the server for the session info...

I'm still concerned about the white screen event though...I guess until we
try and test this approach we wont know...I'll not be around in the office
to test this for another week due to a .net training course, plus I'm not
sure if our development server is clustered also (probably not) - so I'll
have to speak to someone about that - it might mean that we can only test
this on a live cluster....

Thanks again for your help.

Regards

Rob
Jul 19 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Paul | last post by:
I want to use sessions to cover myself in case the user switches off cookies so I am passing the session ID manually through a hidden input field. This is what I have so far. index.php page...
5
by: Raju V.K | last post by:
I am developing a web site which requires a set og unique values be transferred between pages and server many times. There fore i decided to put the values in an array so that only one reference to...
4
by: jeff brubaker | last post by:
Hello, Currently we have a database, and it is our desire for it to be able to store millions of records. The data in the table can be divided up by client, and it stores nothing but about 7...
1
by: Steve_CA | last post by:
Hi, The more I read, the more confused I'm getting ! (no wonder they say ignorance is bliss) I just got back from the bookstore and was flipping through some SQL Server Administration...
5
by: jim_geissman | last post by:
One table I manage has a clustered index, and it includes some varchar columns. When it is initially created, all the columns in the clustered index are populated, and then some of the longer...
6
by: Scott Zabolotzky | last post by:
I'm trying to pass a custom object back and forth between forms. This custom object is pulled into the app using an external reference to an assembly DLL that was given to me by a co-worker. A...
2
by: Lyle Fairfield | last post by:
'Property Clustered As Boolean 'Member of DAO.Index Private Sub IsThereaClusteredIndex() Dim tdf As DAO.TableDef Dim idx As DAO.Index For Each tdf In DBEngine(0)(0).TableDefs For Each idx In...
5
by: pb648174 | last post by:
I've been doing a bit of reading and have read in quite a few places that an identity column is a good clustered index and that all or at least most tables should have a clustered index. The tool I...
26
by: Bookham Measures | last post by:
Hello We are planning to set-up a load balanced web environment. Accordingly, we are going to change the session management on our website from the classic ASP Session State and session...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.