[Owasp-delhi] doubt regarding session storage

Deepak Yadav deepak.yadav at torridnet.com
Thu Feb 12 21:53:56 EST 2009


There are two possibility in case of master server failed:


   If the session data is stored on the master server locally then the
   established connection with client will be disconnected becouse the
   redirected server has no session data.

   If the session data is stored on some centralized database and replicated
   using some technique then the established connection with client will not be
   disconnected due to the High Availability, another server stands up as
   master server and shares session data from the centralized database. The
   Session Clustering module provides a comprehensive solution for
   synchronizing session data across a cluster. In this module the sessions
   that "reside" on the server where they were first created are subsequently,
   delivered to other servers in the cluster. This is done by having the
   alternate server, request the session data from the original server. Session
   Clustering HA (High Availability), is an additional safety layer for
   maintaining session information integrity in Web cluster environments. HA
   ensures that sessions will be serviced in case of a single failure.

With Regards,
Deepak Yadav

On Thu, Feb 12, 2009 at 5:43 PM, Soi, Dhruv <dhruv.soi at owasp.org> wrote:

>  http://en.wikipedia.org/wiki/Load_balancing_(computing)#Persistence<http://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence>might answer your question.
> -Dhruv
>  ------------------------------
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Parmendra Sharma
> *Sent:* Thursday, February 12, 2009 5:27 PM
> *To:* owasp-delhi at lists.owasp.org
> *Subject:* [Owasp-delhi] doubt regarding session storage
> Dear OWASP Team,
> What happens in a multiserver site if a client accesses a first server (and
> establishes a session with it) and then is directed (by a
> load balancer) to a second server? What happens to the client session data
> in case the original server crashes?
> Pls clarify......
> --
> Thanks and Regards:
> Parmendra Sharma
> Indian Computer Emergency Response Team (CERT-In)
> Ministry of Information Technology
> Government of India
> 6 C.G.O Complex
> Lodhi Road
> New Delhi
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20090213/41cfcfa2/attachment.html 

More information about the Owasp-delhi mailing list