web farm session sharing

[Guest]

Hi

I am having a problem sharing session between SSL and non-SSL asp.net pages
I have F5 BigIP with sticky sessions working fine, but the problem is tha
sticky session applies at the port level (80 vs. 443) so when a user goes t
a SSL page I lose session vars because it's on another server on the farm
When the user stays on the same server for both non-SSL and SSL the sessio
is shared OK

Has anyone come across this problem and are there any work arounds

Thanks

Danie

 

[Doug Perkes]

Daniel,

The best way to get around this is to use a Session State server. You can
either store the sessions in a state server or in SQL Server. You could even
define one of your web servers as the state server for the farm. I've had
good experience using SQL Server session state but not the state server. The
best part about is is that you can disable sticky sessions -- they are no
longer needed. By disabling sticky sessions, you make your system more fault
tolerant becuase a web server can go down without losing any session
information.

For more information see:

ASP.NET Session State
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp12282000.asp

HTH,

Doug

 

[Guest]

I did look into session state, but the issue is the same that once the user goes from SSL to non-SSL a new session is started under SSL

Thanks
----- Doug Perkes wrote: ----

Daniel

The best way to get around this is to use a Session State server. You ca
either store the sessions in a state server or in SQL Server. You could eve
define one of your web servers as the state server for the farm. I've ha
good experience using SQL Server session state but not the state server. Th
best part about is is that you can disable sticky sessions -- they are n
longer needed. By disabling sticky sessions, you make your system more faul
tolerant becuase a web server can go down without losing any sessio
information

For more information see

ASP.NET Session Stat
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp12282000.as

HTH

Dou

 

[Jason DeFontes]

One option is storing the session information in a central location that
all the servers have access to. ASP.NET supports dedicating a
centralized session state server, or storing the session state in Sql
Server. See this article:

http://msdn.microsoft.com/library/en-us/dnaspp/html/aspnetsessionstate.asp

I've yet to try this in a production evironment though, so I'm not sure
how well it really scales.

-Jason

 

[Doug Perkes]

Daniel,

It is most likely that a new session is being started becuase the user is
getting sent to a new server. Since the new server doesn't recognize the
session id being sent to it, the web server creates a new session for the
user.

Since the user is being moved from HTTP (port 80) to HTTPS (port 443) the
load balancer treats it as new user and sends it to an arbitrary server.

-- doug

I did look into session state, but the issue is the same that once

the user goes from SSL to non-SSL a new session is started under SSL.