Question

I have 2 servers available for failover. The database is replicated (MySQL) as Master-Master, such that each server runs a copy of the full stack. I see the session table get updated when I'm on one server, and after inspecting the requests, I see the same PHPSESSID being sent. But when I change URLs or fail over to the secondary machine, my session is killed and I have to log in again.

The same PHPSESSID value is sent on the secondary, but the session is not recognized. Is Apache/PHP linking the session to that particular box? If so, how can I get them to recognize the session that is already in the database?

Solution

Note: Moved from 'EDIT' to an answer to mark as answered

Actually found the solution. The 'problem' is the Suhosin patch for securing the PHP installation. Suhosin supports configurable options for encrypting the session data based on a crypt key, as well as the DocRoot of the application. Since the failover server had a different DocRoot, there was no chance of the encrypted data being read.

I edited suhosin.ini to add a shared crypt key, and turned off the DocRoot encryption option, and the sessions are shared as expected.

Solution via: http://rommelsantor.com/clog/2011/02/06/php-shared-session-encoding-solution/
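
A check for the mismatch described in the answer above, as an added example that is not part of the original answer: it compares two nodes' suhosin.ini settings and reports why one node could not read session data encrypted by the other. The directive names are Suhosin's; the ini snippets, DocumentRoot paths, key placeholder, function names, and the treatment of a missing directive as On are assumptions.

```python
# Added example: do two failover nodes derive the same Suhosin session key?
# The ini snippets, DocumentRoot paths and key placeholder are constructed.

def parse_ini(text):
    """Parse php.ini-style 'name = value' lines; lines starting ';' are comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip("\"'")
    return settings

def is_on(value):
    return value.strip().lower() in ("1", "on", "yes", "true")

def session_sharing_problems(node_a, node_b):
    """Each node is (ini_text, document_root). Returns the reasons one node
    could not decrypt session data written by the other (empty list = OK)."""
    (ini_a, root_a), (ini_b, root_b) = node_a, node_b
    a, b = parse_ini(ini_a), parse_ini(ini_b)
    # Assumption: a directive missing from the file is treated as On.
    enc_a = is_on(a.get("suhosin.session.encrypt", "On"))
    enc_b = is_on(b.get("suhosin.session.encrypt", "On"))
    if enc_a != enc_b:
        return ["suhosin.session.encrypt differs between nodes"]
    if not enc_a:
        return []  # session data is stored unencrypted on both nodes
    problems = []
    if a.get("suhosin.session.cryptkey", "") != b.get("suhosin.session.cryptkey", ""):
        problems.append("suhosin.session.cryptkey differs between nodes")
    dr_a = is_on(a.get("suhosin.session.cryptdocroot", "On"))
    dr_b = is_on(b.get("suhosin.session.cryptdocroot", "On"))
    if dr_a != dr_b:
        problems.append("suhosin.session.cryptdocroot differs between nodes")
    elif dr_a and root_a != root_b:
        problems.append("cryptdocroot is On but DocumentRoot differs")
    return problems

# Constructed configs: the failing setup, then the one the answer describes.
BEFORE = 'suhosin.session.encrypt = On\nsuhosin.session.cryptdocroot = On\n'
AFTER = ('suhosin.session.encrypt = On\n'
         'suhosin.session.cryptkey = "REPLACE_WITH_SHARED_SECRET"\n'
         'suhosin.session.cryptdocroot = Off\n')

if __name__ == "__main__":
    print(session_sharing_problems((BEFORE, "/var/www/app"), (BEFORE, "/srv/www/app")))
    print(session_sharing_problems((AFTER, "/var/www/app"), (AFTER, "/srv/www/app")))
```

Run it against the real suhosin.ini and DocumentRoot of each node after any configuration change, since drift in either setting brings back the forced re-login.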

OTHER TIPS

If you're using $_SESSION then that is tied down to that server. You should use a cookie to track session ids and then match it back up with a session in the DB.

Licensed under: CC-BY-SA with attribution