Re: Two sessions or one session when connect to two load-balanced webServers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Jun 28, 2007, at 10:23 AM, Qingshan Xie wrote:


I have two questions on Sessions and Connections.

1. If a browser sends multiple requests and
establishes Two Connections with an Apache server, how
many sessions it will be generated, one or two?
The answer is None. HTTP is stateless, and Apache does not generate sessions.
Perhaps your back-end application does preserve state in some way, by generating session cookies or encoding session information into the URL.
In the latter case, the browser should send the session cookie along with the second request, or access session-encoded URLs to load additional resources (images, JavaScript, ...). Such secondary requests are always based on information obtained from the first request, even if they appear to occur simultaneously.
Use HTTPWatch or IEWatch to find out what exactly happens when your browser makes a request, and what cookies get passed back and forth. 


2. If a browser sends multiple HTTPS requests to two
load-balanced Apache servers, how many sessions will
be generated?  I guess it will generate at least two
sessions with two different sessionKeys, sessionIDs.
If this is true, will there be a session conflict
occurring?
HTTPS is HTTP piped over SSL. At the HTTP protocol level, the answer is exactly the same as above.
At the SSL level, an SSL session is generated and likely re-used for subsequent requests IF you have SSL Session Caching set up correctly. However, this is completely transparent to the protocol on top of SSL and has no impact on the state of your application.
To troubleshoot session problems, load up IEWatch or HTTPWatch or some other protocol inspection tool and look at things like: 

1) What cookies get set by the server in the initial response?
2) What path value comes with the session cookie?
3) Does the cookie get passed back to the server by subsequent requests?
4) Does the server respect the cookie from 3), or does it try to set a new 
   session cookie?
Once again, this is application level troubleshooting, and has little to do with Apache itself. 

Regards,

Sander

--
Sander Temme
sctemme@xxxxxxxxxx
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux