I have two physical Apache servers behind a load balancer. The load balancer was supposed to be set up so that a user would always be sent to the same physical server after the first request, to preserve sessions.
This worked fine for our web apps until we added SSL to the setup. Now the user can successfully login, see the home page, but clicking on any other internal links logs the user right out. I traced the issue to the fact that while initial authentication is performed by server 1, clicking on internal links leads to having the request sent to server 2. Server 2 does not share sessions with server 1, and the user is kicked out.
How can I fix it?
Do I need to share sessions between the two servers? If so, could you point me to a good guide for doing this?
Thanks.
Answer
If you want to have session stickiness in your load balancer, then you have to terminate the SSL on the load balancer. This means that you have to install the SSL certificate into load balancer.
Another solution is to configure the load balancer to use source IP stickiness for SSL (HTTPS).
A 3rd solution would be to keep the sessions in a common database (e.g. memcached, SQL database). For .NET see: http://support.microsoft.com/kb/317604 For PHP see: http://kevin.vanzonneveld.net/techblog/article/enhance_php_session_management/
No comments:
Post a Comment