Since there hasn't been much traffic on the list lately, I thought I
might throw out a topic for discussion.
Cookie persistence, your thoughts? Crucial or superfluous?
Tony
lb-l mailing list
lb-l (AT) vegan (DOT) net
Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

1-There are many clients in the internet that are not allowing
cookies (due to company policy and if the cookie is in the http header),
that may cause a problem
2-Cookies (sessionid) in the URI are not usually set at the first
page page accessed that may cause a problem as well
3-HTTPS has to be offloaded before If you want to do ssl and
cookie together.

And I am not sure if the all the vendors handle cookie persistence as it
should be since I have had many issues with Alteon when doing cookie
passive in the URI and in the header as well. Even if they do it well
the performance has to be followed carefully.

Message
From: lb-l-bounces (AT) vegan (DOT) net [mailto:lb-l-bounces (AT) vegan (DOT) net] Behalf
Tony Bourke
Sent: Tuesday, March 27, 2007 7:19 PM
To: Load Balancing Mailing List
Subject: [load balancing] Cookie Persistence

Since there hasn't been much traffic on the list lately, I thought I
might throw out a topic for discussion.

Cookie persistence, your thoughts? Crucial or superfluous?

Tony

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive http://lbdigest.com Load
Balancing Digest

This message and attachments are confidential and intended solely for the individual(s) stated in this
message. If you received this message although you are not the addressee, you are responsible to keep the
message confidential. The sender has no responsibility for the accuracy or correctness of the
information in the message and its attachments. company shall have no liability for any changes
or late receiving, loss of integrity and confidentiality, viruses and any damages caused in
anyway to your computer system.

Bu mesaj ve ekleri, mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir. Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yukumlulugune
uyulmasi zorunlulugu tarafiniz icin de soz konusudur. Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
guncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir. Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, butunlugunun ve gizliliginin
korunamamasindan, virus icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
sorumlu tutulamaz.

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

Personally I think cookies are great when its in the application and
they suck when used on a load balancer.

Regards,
Malcolm.

Tony Bourke wrote:
Since there hasn't been much traffic on the list lately, I thought I
might throw out a topic for discussion.

Cookie persistence, your thoughts? Crucial or superfluous?

Tony

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

Tuesday 27 March 2007 17:18, Tony Bourke wrote:
Since there hasn't been much traffic on the list lately, I thought I
might throw out a topic for discussion.

Cookie persistence, your thoughts? Crucial or superfluous?

Crucial We use it extensively. As it's also used by Weblogic etc for
session data, it's pretty much ideal, since it works well, AND the
application won't work without cookies anyway, so it means anyone that wants
their browser to work with the apps are going to have cookies enabled anyway.

Hamish.

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest
PGP SIGNATURE
Version: GnuPG v1.4.5 (GNU/Linux)

y86WXJ/RxnoZYYJ7A=
=SKBw
PGP SIGNATURE

Tony Bourke <tony <atvegan.netwrites:

Since there hasn't been much traffic on the list lately, I thought I
might throw out a topic for discussion.

Cookie persistence, your thoughts? Crucial or superfluous?

Tony

lb-l mailing list
lb-l <atvegan.net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

Very very crucial For our services we need extensive persistence so our
services work correctly, we use passive cookies and also insert, we also use
layer 7 persistence. I think the trick is working out what persistence is best
suited to each application, every application works a bit differently with
cookies. When this is clear cookie persistence works fine on the Application
Switches and when the correct load is present.

r

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

Malcolm wrote:
Personally I think cookies are great when its in the application and
they suck when used on a load balancer.

What then, out of curiosity, is your preferred method for session
persistence?

Thanks,

David

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

lb-l mailing list
lb-l (AT) vegan (DOT) net
Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

Malcolm wrote:
David,

As I said cookies in the application + session id in the URL as well
if you want,
with all data in a fast persistent back end storage.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^

Ahh, now that's a luxury I don't have. The servers behind my LB need
external persistence control because they store session data locally (in
memory). "poorly designed" and "legacy" would seem to apply from the LB
admin perspective, and from a scalability perspective as taking out/down
a server by definition breaks existing sessions.

David

Using a load balancer for persistence is a cheap band aid solution to
an application problem.
I think that's what Ben meant by "poorly designed" and "legacy"

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

See, I (respectfully) disagree. There are plenty of modern, well
written applications that are stateful. And using persistence,
especially cookie persistence, can be a simple and elegant solution.

While there are obvious advantages to having a stateless/common state
application (being able to tolerate constantly crashing servers, for
instance), the development of such may involve quite a bit of work,
bypassing a lot of the common tools already out there for developing
interactive sites.

Application developers the session handling capabilities of the
underlying application platform, such as PHP, ASP, Ruby, Java, etc. To
setup a session PHP for instance, all you need to do is
"session_start();". PHP handles the rest. platforms have similar
mechanisms. (It would be interesting to see if those session state
directories could be shared among various servers.)

People might inherit an application, or use a pre-packaged application,
that utilizes these platform's session handling mechanisms. For them,
it would be insane to try to re-write them to be stateless, when all it
would take is a load balancer with persistence. All you need to do is
setup active or passive cookies (or even IP persistence). A simple and
easy solution. Sure, you've got to keep your servers up, but even with
Microsoft, that's not really hard anymore.

I've seen the session argument used by some load balancer vendors that
don't support cookie persistence. Even the LVS site had such a stateful
admonishment page, but they removed it (possibly because many LAMP
applications are stateful). It always reeked of competitor advantage
nullification.

Most applications are a hybrid anyway. Certain state information is
kept on the server, but the important aspects, such as message board
posts, IDs, whatever, are stored on a common backend database.

If you've got servers that are rebooted often, that would seem to me to
be the weakness, not a stateful application. :)

Tony

Ben Wilson wrote:
Sessions should be shared between the load balanced servers; if that
isn't possible because of application constraints that qualify for both
adjectives, in my opinion.

We preserve sessions across _sites_ by using a common database session
table.

I would catch so much crap is 1/5 our users lost their session because
we had to boot a server! (Windows servers)
>
>
>

>Message
>From: lb-l-bounces (AT) vegan (DOT) net [mailto:lb-l-bounces (AT) vegan (DOT) net] Behalf
>Tony Bourke
>Sent: Wednesday, March 28, 2007 8:53 AM
>To: Load Balancing Mailing List
>Subject: Re: [load balancing] Cookie Persistence
>>
>Hi Ben,
>>
>If the server does go down, then yes the session is lost.
>>
>What do you mean by "poorly designed" and "legacy"? I've heard that
>term before when referring to stateful applications.
>>
>Tony
>>
>Ben Wilson wrote:
>
I don't understand layer 7 persistence. Don't sessions break if you
take a server down?

As a crutch for a poorly designed or "legacy" applications I guess

it

would be useful.

--
Ben

Message
From: lb-l-bounces (AT) vegan (DOT) net [mailto:lb-l-bounces (AT) vegan (DOT) net]
Behalf Tony Bourke
Sent: Tuesday, March 27, 2007 12:19 PM
To: Load Balancing Mailing List
Subject: [load balancing] Cookie Persistence

Since there hasn't been much traffic on the list lately, I thought

I

might throw out a topic for discussion.

Cookie persistence, your thoughts? Crucial or superfluous?

Tony

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive http://lbdigest.com
Load Balancing Digest

The information contained in this email is confidential and is
intended solely for the use of the person identified and intended as
the recipient. If you are not the intended recipient, any

disclosure,

copying, distribution, or taking of any action in reliance on the
contents is prohibited. If you receive this message in error,

contact

the sender immediately and delete it from your computer. Personal
e-mails are restricted by PSECU policy. As such, PSECU specifically
disclaims any responsibility or liability for any personal

>information
>
or opinions of the author expressed in this email.

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive http://lbdigest.com
Load Balancing Digest


>
>lb-l mailing list
>lb-l (AT) vegan (DOT) net
>
>Searchable Archive: http://vegan.net/lb/archive http://lbdigest.com
>Load Balancing Digest
>
>

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest

lb-l mailing list
lb-l (AT) vegan (DOT) net

Searchable Archive: http://vegan.net/lb/archive
http://lbdigest.com Load Balancing Digest