Shulou(Shulou.com)06/01 Report--

First, why use Session sharing?

A slightly larger website usually has several servers, each running different functional modules and using different second-level domain names, while for an integrated website, the user system is unified, that is, a set of user names and passwords can be logged in and used in each module of the whole website. It is relatively easy for each server to share user data, only need to put a database server on the back end, and each server can access the user data through a unified interface. However, there is still a problem, that is, after logging in to this server, when users enter other modules of another server, they still need to log in again. This is the problem of logging in at once, and the problem of all traffic is mapped to technology, which is actually the problem of how to share SESSION data among various servers.

Understand the working principle of session

Before you solve the problem, let's take a look at how PHP SESSION works. When a client (such as a browser) logs in to a website, the visited PHP page can use session_start () to open the SESSION, which results in the client's unique identity SESSION ID (this ID can be obtained / set through the function session_id ()). SESSION ID can be retained in the client in two ways, so that when requesting different pages, the PHP program can know the client's SESSION ID;, one is to automatically add SESSION ID to GET's URL, or POST's form, by default, the variable is called PHPSESSID;, the other is through COOKIE, SESSION ID is saved in COOKIE, by default, the name of this COOKIE is PHPSESSID. Here we mainly explain it in the way of COOKIE, because it is widely used.

The server distinguishes users by the session_id passed by the client, which is used to mark the login status of users.

When the user sends the request again, the session_id returned by the server is passed to the server in the form of cookie [or URL parameters], so that the server can distinguish the user for the specific operation.

3. How to solve the problem of session sharing after load balancing?

1. Do not use session, replace it with cookie

By changing session to cookie, you can avoid some of the disadvantages of session. [low security]

2. Record the session information in the database

Using database to record session information, session is used frequently. If it exists in the database, frequent reading will cause great pressure on the database, and the performance bottleneck of the website generally exists in the database.

3. Ip_hash algorithm is used to distribute the load balance.

Using ip_hash may result in a heavy load on one of the servers. If the server enters many requests [proxies] of fixed IP agents within a certain period of time, if the load of the proxy IP is too high, the load pressure of the server corresponding to the ip_hash will be too high, so the ip_hash will lose the role of load balancing.

4. Synchronize session files

Use synchronization tools to synchronize session files to ensure that the session files of the load server are consistent. Although this approach can solve the problem of session sharing, the same content will exist on multiple servers, and the session files that exist in some servers may not be used at all from the beginning to the end, wasting server resources. [rsync,inotify-tools et al.]

5. Use memcache or redis to save session information [recommended]

It is much faster to access data from within than to fetch information from files, and it is more convenient when multiple servers need to share session. It is possible to configure these servers to use the same set of memcached servers, which reduces the extra workload. The disadvantage is that the session data is stored in memory, and the data will be lost in case of downtime. But it's not a serious problem for session data.

4. PHP+REDIS solves the problem of session sharing

1. The default storage of session is configured in php.ini

/ / session storage method session.save_handler = files / / session save path N indicates that session.save_path is stored according to the hierarchy session.save_path = "Nentax path"

Note: session.save_path = "2Character data sess_4b1e384ad74619bd212e236e52a5a174If" represents the session file is divided into two levels of storage, that is, / data/session_tmp/4/b / sess_4b1e384ad74619bd212e236e52a5a174If, taking the first two characters, but the php does not generate a directory, it needs to be generated manually.

/ / the directory saved by session session.save_path = "d:/wamp/tmp" php comes with a function whether session_save_path// automatically turns on sessionsession.auto_start = 0

2. Set the session storage mode to redis

(1) restart php-fpm,nginx and change php.ini configuration file after modification

Session.save_handler = redis session.save_path = "tcp://127.0.0.1:6379"

(2) set via ini_set

Ini_set ("session.save_handler", "redis"); ini_set ("session.save_path", "tcp://127.0.0.1:6379")

There are password settings

Ini_set ("session.save_path", "tcp://127.0.0.1:6379?auth=redisauthkey")

(3) concrete realization

3. Establish your own session mechanism through session_id.

With the help of session_id to suggest a set of own mechanism, the principle can refer to the session preservation mechanism.

When the user requests for the first time, send session_id to the user.

After that, all requests should bring session.

After the user logs in, the user information is stored in redis and expressed with the help of session_id.

The advantage is that you abstract a set of session mechanisms into classes, and if there is no redis in session, you can solve the problem directly by modifying the class files later.

Author: Qi Yawei

Source: Yixin Institute of Technology

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.