I'm using Digital Ocean Load balancer to divide all the requests into 2 separated servers. Both servers are runing the same Laravel application, but when those 2 servers are online and i try to do a post request, sometimes i receive a status 419 and sometimes 200, but when 1 server is offline, the requests works normally
I suppose you are using the default session driver, which is files. Because of this your sessions are set on one of the server and the other server doesn't know of this session. The csrf token set on the form is created and checked using the current session for the visitor, if this request is posted to the other server you will receive an error 419 because this server has no knowledge of the session.
To solve this, you should use a session driver that can be shared between servers like database, memcached or redis.
Related
I am developing an application which allows the user to download data from this remote database server. My server sode contacts another database server, get&package all the data, and send the data back to the client side. Everything works fine locally. However, when I deploy my code to AWS Elastic Beanstalk, I get a HTTP 504: Gateway Timeout, if my request doesn't get a respond in 60 seconds (when the data is too large and it takes more time to get all the data).
I have looked up a lot of posts online, but most solutions had to do with using a load balancer. I am not currently using a load balancer, and I am not really sure how to proceed with my issue. I know what I have to do is to change the timeout/idle limit, but I can't seem to find a resource that gives me insight on how to do that when I am not using a load balancer.
To give a main idea of how the project is built, it is written in ReactJS and Java, and it connects to a remote database server to request data. I am not using CORS/proxy, but using the Java backend code to have my server contacting the database server when I request for data. I am also using annotations in Spring framework for my requests (and more specifically, the controller class).
If you have any ideas on how to solve this issue, please let me know. I really don't know much about web application development. Thanks in advance!
We have migrated a core php application to laravel behind AWS ELB(Prod1, Prod2 and RDS).
Before in core php everything works fine, but comes to laravel Prod1 with single instances it is working fine as expected but with adding 2 instances(prod1, prod2) to the Load Balancer (ELB) is not working. It's keep on asking login page even after providing the login credentials for the first 2 or 3 times and for the 4th time it is loggin in.sometimes this count vary from 1-4.
Please help us.
You most likely need to enable sticky sessions on your load balancer. The problem lies in that your user is bouncing to a different server and the other server does not have the session for the user.
Check out the AWS docs here in session stickiness. The setting by has to be tweaked at the load balancer level in AWS
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
I was wondering that session management in cloud environments are available in many options for Microsoft azure/ Amazon Web Services / any private cloud. What I was looking that which is the best session management technique which will fit in all the cloud environments.
I have gone through many site but could not decide which is the most suitable in all cases. I read somewhere that Sticky sessions are also one of the option for session management. So looking for an answer which states that is Sticky sessions are different from cookie based session management?
If yes then how to use it?
Thanks
Ravi
Sticky session are likely to stay on same server when the first request comes and provided from same server for each request. Where as cookie based session are nothing but keeping the data on client machine in browser. can be served from any server which is available.
Yes Sticky Sessions are different than cookie based sessions.
As sticky sessions are nothing but handled by load balancers which handles to get sessions in request from client and passes it to the same server where the first request came to that server. E.g. While loading an website request goes to server A, then sessions get stored on server A, while next request comes from user the request sent to the same server i.e. Server A, irrespective of how many servers present in the farm.
Whereas cookie based sessions are stored on client machine, and it gets added with each new request. So it can be read and supported on any server in farm irrespective which server generated and stored session while first login.
I am facing very dramatic behavior caused by Amazon EC2 server. I have one web application deployed at Amazon ec2 server which is developed using Spring and Java. For every request new session is created here. I have one scenario where i need to store some data into httpsession object but due to session changing at every time I lost my data.
Your response is respectable.
Thanks.
Please add comment if forget something to mention here and its required to understand.
Let me explain my scenario completely:
I have two machines which have apache installed and integrated with tomcat server using mod_jk connector eg. app0 and app1 machines, this both machines are requested by load balancer of ec2 server. To replicate session for each instance of server i have used DeltaManager jdbc store setting because ec2 does not support SimpleTCPCluster setting.
DeltaManger code:
<Manager className="org.apache.catalina.session.PersistentManager"
saveOnRestart="true"
minIdleSwap="-1"
maxIdleSwap="-1"
maxIdleBackup="20"
processExpiresFrequency="1">
<Store className="org.apache.catalina.session.JDBCStore"
connectionURL="jdbc:mysql://localhost:3306/tomcat"
driverName="com.mysql.jdbc.Driver"
connectionName="username"
connectionPassword="password"
sessionIdCol="session_id"
sessionValidCol="valid_session"
sessionMaxInactiveCol="max_inactive"
sessionLastAccessedCol="last_access"
sessionTable="sessions"
sessionAppCol="app_name"
sessionDataCol="session_data"
/>
</Manager>
This all works fine on my local machine but failed on production as there are two machines and they are handled by ec2 load balancer.
Please comment if any thing else required.
Issue with session was that jsessionid cookie was removed from the request due to the different path. App has a "/" (root) as a path and jsessionid had a path "/". This was causing jsessionid to be removed from the request and since server never received the jsessionid it was creating the new one all the time.
We fixed the issue by adding parameter - emptySessionPath="true" - to all connectors in /etc/tomcat6/server.xml.
First this app works perfectly fine in a non-clustered environment.
The problem we have is when the ELB routes first to one server in a cluster during a session, then to a second server. The second server can't find the session. e.g.
An iOS app passes a login call to a Glassfish 4 server cluster (we're using oAuth/Facebook tokens, so no Glassish security realms).
The Amazon Elastic Load Balancer (ELB) sends to server 1.
Session is authenticated and user logged in and a session cookie passed back to the app.
Immediately the app sends another request which needs authentication (is this a valid session).
The ELB decides to send the request to server 2
In our authenticate servlet filter, server 2 can't find a session with the id passed in with the cookie
The servlet says the user is not authenticated and the call fails.
Our code is pretty typical for finding the session (if no session immediately return fail):
HttpSession session = req.getSession(false);
//psuedocode
if session == null then session not authenticated log and return
else session authenticated, log and return
If the second call gets routed to the same server as the login, the second call works fine. Whenever a call (be it the second, third, fourth, whatever) goes to the second server, authentication fails because it can't find the session on the second server.
I'm looking to see if anyone has encountered something like this and how you have resolved the issue. Is it better to use sticky sessions on the ELB, or is Apache web server using JK or AJP a better choice?
Two potential issues off the top of my head:
Have you specified <distributable/> in your web.xml?
Could be a multicast issue. EC2 does not support multicast, which is what GlassFish uses by default. Check out this stackoverflow thread that discusses the topic, including non-multicast clustering.