[UPHPU] load balanced file-based sessions
Sean
sean at lookin3d.com
Tue May 6 11:41:21 MDT 2008
Joseph Scott wrote:
>
> On May 6, 2008, at 10:18 AM, Sean wrote:
>
>>>> What options exist for file-based sessions within a high traffic,
>>>> load balanced environment?
>>>
>>>
>>> Having session state on the server side is very convenient, but when
>>> it comes to scaling out it becomes a real pain. If you have a site
>>> that must be able to handle a lot of traffic (pick your number,
>>> depends a lot on your app) then the convenience of server side
>>> session state quickly becomes a liability. For high traffic sites I
>>> highly recommend designing it to not use server side session state.
>>>
>>
>> You lose a lot of security by having the client store the data...
>
>
> I'm not suggesting that either (I must have done a bad job explaining
> my position ). What I'm advocating for high traffic sites is sticking
> with the shared nothing approach that HTTP provides as much as
> possible. There are of course some minimal things that need to be
> done via cookies, like user validation, but that list should be very,
> very short and the exception, not the rule.
>
> Keeping session state in cookies isn't really much of an option for a
> variety of reasons (security, additional bandwidth, size limitations,
> etc). Doing session state on the server side is fine for smaller
> sites (will never grow beyond 1 web server), but is a pain for sites
> that have to scale out to handle lots of traffic/page views. The
> basic reason that it is a pain is keeping all of that data in sync
> across all of the potential web servers and data centers that your
> user might hit to access your site. In many respects keeping user
> state in sync is much more important than keeping your application
> data in sync (replication lag and such), because of the potential
> security implications.
>
> Avoiding session state for your high traffic site will make it easier
> to scale and reduce the number of things that you have to keep up and
> going and (mostly) in sync. For high traffic sites there'll be
> plenty of other things to keep you busy :-)
You know that some major websites like Amazon use session, right? How do
you propose to keep track of the current user without cookies???
--
Sean Thayne,
Exit12