Huge Session Problems
Permalink
Hi,
I'm having big problems with concrete and a client server. They're on Amazon with load balancers and that throws a bunch of problems that I can't resolve, but the biggest one and very disconcerting, is that sessions are being inconsistent and the admin toolbar appears at random to persons that never logged in, on computers that never logged in.
on top of that, I (admin) keep getting logged out, or cannot logged out, etc, all kinds of weird behaviours.
I'm on concrete5 5.7.5.8
Anyone had a similar case or that could shed some light on this topic please?
I'm having big problems with concrete and a client server. They're on Amazon with load balancers and that throws a bunch of problems that I can't resolve, but the biggest one and very disconcerting, is that sessions are being inconsistent and the admin toolbar appears at random to persons that never logged in, on computers that never logged in.
on top of that, I (admin) keep getting logged out, or cannot logged out, etc, all kinds of weird behaviours.
I'm on concrete5 5.7.5.8
Anyone had a similar case or that could shed some light on this topic please?
I know of that method but we didn't implement it on this site. It's really weird how a user gets the toolbar as if it was logged in. A bit scary to be honest.
How have you approached session persistence?
Sticky Sessions on the load balancer or by storing the sessions in a shared database?
Sticky Sessions on the load balancer or by storing the sessions in a shared database?
I don't have a solution. Right now it kicks me out from time to time, but that's something I have to deal with. Would love a solution though. Could you elaborate on those you mention? I'm not savvy with servers and networks so every help is really appreciated.
Adding load balancing in front of a site immediately requires some extra considerations, you unfortunately can't just add it and have everything work without further configuration.
Load balancing means you've created duplicate servers, each with the ability to serve your site. So if the load balancer redirects you to a different server, you're effectively _reaching a different site_, it's just serving the same content.
I'm not load balancing expert, and I've never actually done it with a concrete5 site, but there's four main problems that come to mind:
- Database content
- File storage
- Configuration file storage
- Sessions
On AWS, the database can be placed on it's own server, with each server instance using the same copy. This means that if you make a change on the site content all instances see the same thing. For file storage, you'd likely need to configure the site to store files via S3, using an adapter like:https://www.concrete5.org/marketplace/addons/storage-for-amazon-s3...
For the configuration files, this gets a bit trickier. Some settings within concrete5 aren't stored in the database, they get written to the /application/config directory. So these files would need to be kept in sync across the instances (the same goes for any packages you install).
And finally, with the sessions, you need someway for your infrastructure to effectively track a user across the different instances.
Amazon's load balancer does allow 'sticky sessions', which is where the load balancer itself keeps track of a user with a cookie and sends them to the same server for a period of time.
(I've not used this before though, so I can't really comment on how well it works with c5)
The other option is that you can tell concrete5 to store the session in the database, and since the database is going to be shared all instances see the same sessions. From the looks of it this should be easy to enable:
http://documentation.concrete5.org/tutorials/enable-database-based-...
So in terms of your immediately problem, you could try enabling the database backed sessions and seeing how you go.
I mention the other factors just for consideration - perhaps they've already been handled and it's just the sessions you're dealing with.
Again I've not actually tried to load balance concrete5 before, I'd caution that it's not really a trivial task in any sense. You might find that simply running concrete5 on a single, more powerful server will suit your needs. Amazon's services are a bit more designed for lots of smaller instances that scale up and down for cost effectiveness (at least that's my impression), whereas their larger instances might get pretty pricey compared to other VPS.
Load balancing means you've created duplicate servers, each with the ability to serve your site. So if the load balancer redirects you to a different server, you're effectively _reaching a different site_, it's just serving the same content.
I'm not load balancing expert, and I've never actually done it with a concrete5 site, but there's four main problems that come to mind:
- Database content
- File storage
- Configuration file storage
- Sessions
On AWS, the database can be placed on it's own server, with each server instance using the same copy. This means that if you make a change on the site content all instances see the same thing. For file storage, you'd likely need to configure the site to store files via S3, using an adapter like:https://www.concrete5.org/marketplace/addons/storage-for-amazon-s3...
For the configuration files, this gets a bit trickier. Some settings within concrete5 aren't stored in the database, they get written to the /application/config directory. So these files would need to be kept in sync across the instances (the same goes for any packages you install).
And finally, with the sessions, you need someway for your infrastructure to effectively track a user across the different instances.
Amazon's load balancer does allow 'sticky sessions', which is where the load balancer itself keeps track of a user with a cookie and sends them to the same server for a period of time.
(I've not used this before though, so I can't really comment on how well it works with c5)
The other option is that you can tell concrete5 to store the session in the database, and since the database is going to be shared all instances see the same sessions. From the looks of it this should be easy to enable:
http://documentation.concrete5.org/tutorials/enable-database-based-...
So in terms of your immediately problem, you could try enabling the database backed sessions and seeing how you go.
I mention the other factors just for consideration - perhaps they've already been handled and it's just the sessions you're dealing with.
Again I've not actually tried to load balance concrete5 before, I'd caution that it's not really a trivial task in any sense. You might find that simply running concrete5 on a single, more powerful server will suit your needs. Amazon's services are a bit more designed for lots of smaller instances that scale up and down for cost effectiveness (at least that's my impression), whereas their larger instances might get pretty pricey compared to other VPS.
Thank you for this awesome response.
The server is out of my reach, it's what they're using and since their main site was already a Concrete5 (not made by us) and with my poor server knowledge I didn't think there could be problems like these. Honestly, I think AWS with load Balancers are a bit overkill for what they have running but I have no say in that.
Will look up the great tips you shared.
Thank you.
The server is out of my reach, it's what they're using and since their main site was already a Concrete5 (not made by us) and with my poor server knowledge I didn't think there could be problems like these. Honestly, I think AWS with load Balancers are a bit overkill for what they have running but I have no say in that.
Will look up the great tips you shared.
Thank you.
Found while searching for something entirely different:
https://www.concrete5.org/community/forums/5-7-discussion/load-balan...
https://www.concrete5.org/community/forums/5-7-discussion/load-balan...
Unfortunately, I can't recall where the topic was.