473,837 Members | 1,574 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

sessions/cookies and sharing files between multiple servers

Hi all,

I have a php/mysql website where people can upload their own graphics for
the buttons and background of pages on the website.

This used to run on one server, but I have now been asked to set it up on
multiple servers.

The problem is that when someone uploads a file, how do I distribute it to
all of the servers? Should I use php to send it to all of the servers once
it has been uploaded, or is there a better way of synchronizing the files
between all of the servers?

Also, I am not sure how autologin (based on cookies) and sessions will
work when distributing across multiple servers, as my understanding is
that these are on a per domain basis? (i.e. if someone goes to
node1.site.com and hits autologin, but next time gets node3, the cookie
wont be picked up?)

Any pointers appreciated!

Cheers,

Ben
Nov 3 '06 #1
3 3997
"Ben Holness" <us****@bens-house.org.ukwro te in message
news:pa******** *************** *****@bens-house.org.uk...
Also, I am not sure how autologin (based on cookies) and sessions will
work when distributing across multiple servers, as my understanding is
that these are on a per domain basis? (i.e. if someone goes to
node1.site.com and hits autologin, but next time gets node3, the cookie
wont be picked up?)
I looked up PHP's native session support, I'm not seeing a way that this
will do the trick for you.

When you create a session across multiple servers, you are concerned with:

a)Is the session identifier guaranteed unique (so that you can't
accidentally create two sessions on two servers with the same session
identifier).

b)How is the session identifier verified as valid by the server. Two
possibilities, not mutually exclusive:

b1)Hashing scheme--hash part of identifer must match other context.

b2)Server state--server remembers which sessions it has issued.

c)Can a user "forge" a session identifier? What will the consequences be?

d)If a user "sniffs" a session identifier or gets it from a URL or some
other means, can it be reused, perhaps concurrently from another machine
used for an attack. (One helpful discouragement: server remembers which IP
a session belongs to.)

If I'm understanding your problem correctly, (b2) implies that the servers
must communicate somehow, whereas (b1) does not.

Easiest solution is probably to assign session identifiers so that session
identifiers are something like.

$small_random_n umber . MD5(SECRET_STRI NG . $connecting_ip .
$small_random_n umber)

where you distribute the same "SECRET_STR ING" to all the servers.

Each server can authenticate a session identifier issued by another server,
with no communication required between the servers.

But if you require the sessions to hold server-side state that all the
servers know about, and if you require a person to be able to log out ...
you need some communication between the servers.

It is possible to roll your own session handling. I'm working on a database
right now:

http://fboprimedevel.e3ft.com

The session code is here:

http://fboprime.e3ft.com/vcvsgpl01/v...viewcvs-markup

http://fboprime.e3ft.com/vcvsgpl01/v...viewcvs-markup

You can roll your own ... it works just fine to do that.

But you need to settle (a) through (d) above. (b2) will require
communication between the servers.

Post back if anything unclear.

Dave.

Nov 3 '06 #2
>I have a php/mysql website where people can upload their own graphics for
>the buttons and background of pages on the website.

This used to run on one server, but I have now been asked to set it up on
multiple servers.
Why? The reason matters. If it's a matter of more horsepower with lots
of little machines rather than one huge one, that's one thing. If it's
redundancy for extreme reliability, that's another.
>The problem is that when someone uploads a file, how do I distribute it to
all of the servers? Should I use php to send it to all of the servers once
it has been uploaded, or is there a better way of synchronizing the files
between all of the servers?
NFS shared filesystem? Or you divide the files between the systems?
>Also, I am not sure how autologin (based on cookies) and sessions will
work when distributing across multiple servers, as my understanding is
that these are on a per domain basis? (i.e. if someone goes to
node1.site.c om and hits autologin, but next time gets node3, the cookie
wont be picked up?)
If you're using a round-robin DNS scheme or something fancier with
routers and switches for load-balancing, the browser won't know the
difference between node1.site.com and node3.site.com, because it
thinks they're all node.site.com, and you won't have an issue with
domains. Otherwise, use domain cookies rather than individual host
cookies for the session cookie.

It is possible to use a session save handler to put session data
in a MySQL (or other) database rather than a bunch of little files.
If you share this database between webservers, one login can work
across several machines. Also, putting the session data in a
database makes it much easier to expire old data.

Nov 3 '06 #3
Why? The reason matters. If it's a matter of more horsepower with lots
of little machines rather than one huge one, that's one thing. If it's
redundancy for extreme reliability, that's another.
Mainly horsepower, but it does also provide some redundancy, which is nice
NFS shared filesystem? Or you divide the files between the systems?
That's probably the solution that I will use, a couple of people have
suggested it. I was also thinking about unison or rysnc, but I think NFS
will suit better :)

Thanks for the comments. I am thinking that to make the session stuff
easier, I might just keep the user on one server once they have logged in,
but have PHP dynamically choose a node to load an image and run DB queries
from...

Cheers,

Ben
Nov 4 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1740
by: Oscar Overdijk | last post by:
Well i want to run multiple servers on the same host, has somebody a Howto for this? Host: RedHat 9 and MySQL 4.0.17 Using the following script: VERSION="40017" PREFIX="/var/lib/mysql/$VERSION" # InnoDB is included by default as of MySQL 4: # - prior to 4.x, include InnoDB with --with-innodb # - from 4.x on, exclude InnoDB with --without-innodb
0
925
by: Jason L James | last post by:
Hi all, I am writing an application that is acting as an web client, that needs to connect to multiple servers. The web servers are small embedded web servers that talk to a host of other electronics. I need my app to pole each web server to check for changes. I can connect to the two device I have currently,
1
1065
by: windsurfing_stew | last post by:
Hi, We have a website which is deployed to multiple web servers by robocopy across a WAN. In visual studio 2005 if you choose to publish the site to a directory it regenerates all of the dlls and for some reason changes all of the last modified dates on the aspx files to the present. This means that every trivial change to the website involves re-uploading everything again. Has anyone else experienced this?
0
2209
by: Pavan | last post by:
I have my .NET code published in two servers http://server1/<ApplicationName>/Publish.htm and http://server2/<ApplicationName>/Publish.htm, and if i open IE on the client machine and type the link (http://server1/<ApplicationName>/Publish.htm) it would install the application in the client machine from server1. 1) Changing the server location on the same client machine (i.e. http://server2/<ApplicationName>/Publish.htm) should override...
1
1436
by: NAT | last post by:
I am using session mode as "InProc"(entered in web.config). I have deployed my ASP.NET appln. on a server which uses Load Balancer. i.e I have two servers. I am using session across pages.The problem I am facing is that sometimes I find the session and sometimes not. I beleive this is happenning because of multiple servers. Because session is created on a worker process on one server and the second time it must be hitting the other server...
3
1895
by: NAT | last post by:
I am using session mode as "InProc"(entered in web.config). I have deployed my ASP.NET appln. on a server which uses Load Balancer. i.e I have two servers. I am using session across pages.The problem I am facing is that sometimes I find the session and sometimes not. I beleive this is happenning because of multiple servers. Because session is created on a worker process on one server and the second time it must be hitting the other server...
4
5128
by: gaddamreddy | last post by:
Hai to all frns, Reqirement 1: 1.I need to send a Request to one server through UDP socket.at that time i have to start a timer (setted to 2 sec) if i wont get the Response/ACK from that corresponding ACK from that server within 2 sec.i need to send the Request again. for this i did like this. #include <sys/types.h> #include <sys/socket.h>
13
8689
by: Samir Chouaieb | last post by:
Hello, I am trying to find a solution to a login mechanism for different domains on different servers with PHP5. I have one main domain with the user data and several other domains that need a login to show data. I want the user to login only once when he visits any of my domains.
1
1891
by: sirfsaif | last post by:
I have three servers and each server has separate MySQL and DB. For instance I have common DB i.e. store on all the three servers i.e web1, web2 and web3. I m running a query in DB store on web1 and I need to verify some data from a table in DB - store on web2. Can anyone reply how to perform this task in MySQL on cross servers. How can we establish connection with different server and DB to use in query.
0
9682
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10563
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
10267
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9392
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7804
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5668
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5845
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
4038
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3123
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.