[UPHPU] load balanced file-based sessions

Joseph Scott joseph at randomnetworks.com
Tue May 6 11:00:45 MDT 2008 

On May 6, 2008, at 10:18 AM, Sean wrote:

>>> What options exist for file-based sessions within a high traffic,  
>>> load balanced environment?
>>
>>
>> Having session state on the server side is very convenient, but  
>> when it comes to scaling out it becomes a real pain.  If you have  
>> a site that must be able to handle a lot of traffic (pick your  
>> number, depends a lot on your app) then the convenience of server  
>> side session state quickly becomes a liability.  For high traffic  
>> sites I highly recommend designing it to not use server side  
>> session state.
>>
>
> You loose a lot of security by having the client store the data...


I'm not suggesting that either ( I must have done bad job explaining  
my position ).  What I'm advocating for high traffic sites is  
sticking with the shared nothing approach that HTTP provides as much  
as possible.  There are of course some minimal things that need to be  
done via cookies, like user validation, but that list should be very,  
very short and the exception, not the rule.

Keeping session state in cookies isn't really much of option for  
variety of reasons (security, additional bandwidth, size limitations,  
etc).  Doing session state on the server side is fine for smaller  
sites (will never grow beyond 1 web server), but is a pain for sites  
that have to scale out to handle lots of traffic/page views.  That  
basic reason that it is a pain is keeping all of that data in sync  
across all of the potential web servers and data centers that your  
user might hit to access your site.  In many respects keeping user  
state in sync is much more important than keeping your application  
data in sync (replication lag and such), because of the potential  
security implications.

Avoiding session state for your high traffic site will make it easier  
to scale and reduce the number of things that you have to keep up and  
going and in (mostly) in sync.  For high traffic sites they'll be  
plenty of other things to keep you busy :-)

--
Joseph Scott
joseph at randomnetworks.com
http://joseph.randomnetworks.com/

More information about the UPHPU mailing list