[Owasp-delhi] doubt regarding session storage
deepak.yadav at torridnet.com
Thu Feb 12 21:53:56 EST 2009
There are two possibility in case of master server failed:
If the session data is stored on the master server locally then the
established connection with client will be disconnected becouse the
redirected server has no session data.
If the session data is stored on some centralized database and replicated
using some technique then the established connection with client will not be
disconnected due to the High Availability, another server stands up as
master server and shares session data from the centralized database. The
Session Clustering module provides a comprehensive solution for
synchronizing session data across a cluster. In this module the sessions
that "reside" on the server where they were first created are subsequently,
delivered to other servers in the cluster. This is done by having the
alternate server, request the session data from the original server. Session
Clustering HA (High Availability), is an additional safety layer for
maintaining session information integrity in Web cluster environments. HA
ensures that sessions will be serviced in case of a single failure.
On Thu, Feb 12, 2009 at 5:43 PM, Soi, Dhruv <dhruv.soi at owasp.org> wrote:
> http://en.wikipedia.org/wiki/Load_balancing_(computing)#Persistence<http://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence>might answer your question.
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Parmendra Sharma
> *Sent:* Thursday, February 12, 2009 5:27 PM
> *To:* owasp-delhi at lists.owasp.org
> *Subject:* [Owasp-delhi] doubt regarding session storage
> Dear OWASP Team,
> What happens in a multiserver site if a client accesses a first server (and
> establishes a session with it) and then is directed (by a
> load balancer) to a second server? What happens to the client session data
> in case the original server crashes?
> Pls clarify......
> Thanks and Regards:
> Parmendra Sharma
> Indian Computer Emergency Response Team (CERT-In)
> Ministry of Information Technology
> Government of India
> 6 C.G.O Complex
> Lodhi Road
> New Delhi
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-delhi