3

My company has a customer-facing web application distributed across several servers for the purpose of load balancing and fault tolerance. The application is written in Ruby (Rack, running under Passenger), and authentication to the application is handled via HTTP session cookies.

We currently use a SQL database to store the session data (replicating it as part of our standard database replication), however this solution is not ideal as our SQL database is Postgres, and does not support multi-master operations (during a maintenance outage on the master database logged-in users can check their sessions against a slave, but new users cannot log in). The overhead of SQL queries for every page hit is also not optimal.

I would like to know what practical solutions folks are currently using in production.
Ideally we're looking for:

  • A shared session store
    Users logged in to Server A should be able to transparently move to Server B without having to log back in.

  • Good redundancy
    Losing a single server shouldn't lose any session state.

  • Low overhead
    At a minimum "less intensive than a SQL query for each page hit".

voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • This could just as easily fit over on [Stack Overflow](http://stackoverflow.com), but at least in my organization "How you store the session data" is a sysadmin problem. (What goes in the bucket we provide is the developer's responsibility.) – voretaq7 Jul 09 '14 at 20:19
  • This looks clearly ops to me. Dev puts sessions in X. Ops makes X scalable. – Michael Hampton Jul 09 '14 at 20:30
  • @MichaelHampton That's generally my feeling. The underlying session stores are transparent to the developers (modulo my insisting that they "Make the session store a configuration option so I can change it without patching the code!") - If the software is properly engineered I can change session stores all day long with no code changes from the development team. – voretaq7 Jul 09 '14 at 20:34
  • And it being in Rails, developing that sort of independence is between easy and trivial, since Rails can handle most of it for you. – Michael Hampton Jul 09 '14 at 20:36

1 Answers1

0

So far the most promising solution we've found is rack-session-mongo. This, combined with MongoDB replication, should meet both the shared session store and redundancy/failover requirements.

We're beginning testing to see if it meets the "low overhead" requirement, but it seems promising in that regard as well.

voretaq7
  • 79,345
  • 17
  • 128
  • 213