Shulou(Shulou.com)06/03 Report--

The following brings you how to solve the problem of Session sharing when load balancing. I hope it can bring some help to you in practical application. Load balancing involves more things, there are not many theories, and there are many books on the Internet. Today, we will use the accumulated experience in the industry to do an answer.

When each client visits the website, it will create a corresponding Session to store the customer's status information. If the website has made a load balance, session sharing should be done. IIS has five modes for storing session.

I. ASP.Net session storage mode

1. InProc mode (in-process mode). Is the default setting.

Session state is stored in memory on the Web cloud server.

2. StateServer mode (state server mode).

Session state is stored in a separate process called the ASP.Net State Service. This ensures that session state is preserved when the Web application is restarted and that session state is available to multiple Web servers in the network farm.

3. SQL Server mode.

Session state is stored in an SQL Server database. This ensures that session state is preserved when the Web application is restarted and that session state is available to multiple Web servers in the network farm.

4. Custom mode

This mode allows you to specify a custom storage provider.

5. Off mode

This mode disables session state.

Using StateServer to store session

If the website has done load balancing, you can only choose 2, 3, 4 for session storage. Let's first introduce the StateServer mode. First, we have to enable the status service.

Then set the session state of the web site

Enable native status service

The configuration file is automatically generated in web.config (manually added if it cannot be generated)

But there is a problem here. If each server is configured as above, and the Session of each server is stored in the local StateServer, it still does not have the function of starting sharing, so that one StateServer needs to be shared for other servers to access, and the Session is stored on it. Run regedit → to open the registry → to find the HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ aspnet_state\ Parameters node → sets the key of AllowRemoteConnection to "1" (1 to allow connections to remote computers, 0 to disable)

You can also modify the port of StateServer

Next, modify the configuration file of web.config in other servers (sessionState points to StateServer that allows remote access)

Using StateServer as a shared session storage method not only has security risks, but also like the shared StateServer above, as long as you restart the server, all session will be lost, so this session storage method is not perfect. StateServer storage sesssion is more suitable for stand-alone IIS to start multi-processes.

Third, use SQL server to store session

To ensure security and not lose session due to restarting the server, it is necessary to use sql server to store session,ASP.NET 2.0. Microsoft provides aspnet_regsql.exe tools to easily configure Session databases. The tool is located in the system root Microsoft.NETFramework version number folder on the Web server

Cd C:\ Windows\ Microsoft.NET\ Framework64\ v4.0.30319aspnet_regsql.exe-ssadd-sstype c-d-S-U-P aspnet_regsql.exe-ssadd-sstype c-d ASPState-S 10.16.5.36-U sa-P HAha789

Note: the name of the database is ASPState, the name of the database instance is IBM-PC\ SQLEXPRESS (if the database is not 2005, do not write the ip address, otherwise the connection will fail), sa (or the same permission as sa), the password session of the sa user name is successfully defined, but the corresponding configuration will be prompted in the web application. At this time, check SQLServer and you will find that the database ASPState has been added, but there is no table.

Run the following command from the command line: aspnet_regsql.exe-ssadd-sstype p-S-U-P

Aspnet_regsql.exe-ssadd-sstype p-S 10.16.5.36-U sa-P HAha789

This command persists the application. At this point, you will see that there are two more tables in the ASPState database, and ASPStateTempSession can be used to save Session. Next, you need to set the "session state" of the web site.

The SessionID in the ASPStateTempSessions table consists of two parts: the 24-bit SessionID generated by the website and the 8-bit AppId. The AppId and AppName are also different for different sites. To be able to share Session in different sites, it is necessary to ensure that the 32-bit SessionID is the same, so you can modify the stored procedure TempGetAppID so that the resulting SessionID is independent of AppName. Modify the TempGetAppID as follows

Modify web.config (assign a separate account for ASPState in the database)

In this way, sql server can store session, and of course, you can also use memcache to store session.

4. ASP.NET error. Failed to verify view state MAC

However, when logging in and visiting the website, it reported an error "ASP.NET error, failed to verify the view state MAC", baidu for a while, and most people said that it was to add the settings of EnableEventValidation= "false" EnableViewStateMac= "false" ViewStateEncryptionMode= "Never" to the page or web.config. But this does not fundamentally solve the problem, on the contrary, it is more unsafe to do so. Can't you just say you made a mistake? If you make a mistake, you have to solve the problem, and you have to solve the problem fundamentally.

Analyze the cause of the error:

There are many things in ASP.NET that involve encryption, such as ViewState, such as FormsAuthenticationTicket, these things are transmitted to the client, encryption can ensure its security. Encryption requires a private key, but we don't specify this private key because ASP.NET automatically generates it. However, if it is in a network farm or cluster, or in some virtual hosts loaded by CDN, because multiple servers are involved, ASP.NET cannot automatically generate the same private key for each machine. As a result, the data generated by this server cannot be parsed by that server. So it went wrong. What shall I do? Since ASP.NET cannot automatically randomly generate the same private key on multiple servers, we have to specify it ourselves.

MachineKey generation tool, automatic code generation

Https://www.fishlee.net/tools/machinekeygenerator

Insert the generated Machinekey into the web.config:

The role of MachineKey:

Encryption and decryption of cookie data when ASP.net uses forms authentication. To ensure that this part of the data will not be tampered with the encryption and decryption of viewstate data. To ensure that this part of the data will not be tampered with. When using out-of-process session (out-of-process session), the session state identity is verified. Using SessionStateMode's SQLServer to achieve session sharing, after all, is something of Microsoft, with certain limitations, can only be sql server. In fact, session sharing can use other databases, such as memcache and redis

5. ASP.NET status database FAQ

1. If the SESSION value is stored in the database and the user closes the program, how to clear the session value in the database?

When the actual ASP.NET creates the state database, it adds a job named _ Job_DeleteExpiredSessions to the job of the SQL Server Agent (SQL Server Agent). If you open the SQL Server agent service database, you can periodically delete the timed-out state data through the timeout field (Exprires) of the added status record.

2. How to use the SessionId field in the ASPStateTempSessions table?

The value of the SessionID field of this table in the database consists of SessionID and AppID, and the last 8 bits are AppID, so it must be SessionID before the last 8 bits. For example, the value stored in the database is "ekr30c3mwvnc3145yrswew3a037e5e5a", the last 8-bit "037e5e5a" is AppID, and the preceding "ekr30c3mwvnc3145yrswew3a" is a string that you can get using Session.SessionID in the application.

3. How to tell when Session was updated?

When the Session record is updated, both the Expires and LockDateLocal,Expires fields are updated to the UTC time, and LockDateLocal is still needed if you want to make a local comparison.

4. The program to get the node information of Web.config configuration file?

'' get the Web.config file configuration instance

Dim configuration As System.Configuration.Configuration = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration ("~ / web.config")

'' get the status configuration node instance

Dim mSessionStateSection As System.Web.Configuration.SessionStateSection = CType (configuration.GetSection ("system.web/sessionState"), System.Web.Configuration.SessionStateSection)

'' get the state mode

Response.Write (mSessionStateSection.Mode)

'' get the status timeout

Response.Write (mSessionStateSection.Timeout)

After reading the above about how to solve the problem of Session sharing during load balancing, if there is anything else you need to know, you can find out what you are interested in in the industry information or find our professional and technical engineer to answer, the technical engineer has more than ten years of experience in the industry. Official website link www.yisu.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.