Session ID and Cluster / Network Load Balancing

[Andrew Robinson]

I am running two servers with a hardware network load balancing device. I
know that to share session information between the two servers I need to
implement some type of SQL based session information, but I would simply
like to share the SessionID. Mainly for some logging applications.

The SessionID does currently seem to be shared between the two servers and I
haven't changed anything with my configuration or implemented anything
specific to this in my program. Does this seem normal or am I missing
something?

I just want to make sure that if it is working correctly, it will continue
to do so.

I already have the same machine key on both machines if that is of any
relevance.

Thanks,

-Andrew

 

[Steve Lutz]

What type of session management is configured in your Web.Config? How can
you tell the sessions are shared? Are you sure that when you go to the site,
you are not hitting the same webserver everytime which would make it appear
as though the session is shared.

S

 

[Andrew Robinson]

I am not saying that the sessions are shared only that it appears that the
session ids on both servers for a given client are the same. I have been
logging them and if they were different, they should be showing up as so 50%
of the time.

is the session ID in some way tied to the machine key? (which is the same on
both machines)

this is good enough for me but I just want some confirmation that I am
seeing things correctly.

-Andrew

 

[Terry Fei[MSFT]]

Hi Andrew,

As for the SESSIONID shared in cluster/loadbalance scenario, are you using
the asp.net's buildin formsauthentication or just using the SESSIONID to
build your custom form-based(cookie) authentication?

As far as I know, for cluster /load balance scenario, SQLServer session
mode is one approach for sharing session. And SessionID should be OK
regardless of the session mode sicne by default sessionid are stored in
cookie(if cookie not disabled at cilentside).

#How to use ASP.NET session state SQL Server Mode in a failover cluster
http://support.microsoft.com/default.aspx?scid=kb;en-us;323262

Also, for cluster it seems provide the means for us to always redirect the
same client to a fixed webserver (if using in memory session) so as to
avoid multi-server session sharing problem:

#How To Handle Web Client Session State in an Application Center 2000
Cluster
http://support.microsoft.com/default.aspx?scid=kb;en-us;286279

Hope helps. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Andrew Robinson]

I think we are making things too complicated here....

We are using a hardware based load balancing device. It randomly distributes
load. There is no affinity for clients and I am not sure that we can change
that.

All I want to know is that it appears that the Session ID is the same on
clients for both machines. This surprises me. Is the Session ID tied in any
way to the Machine ID in the Machine.Config file? It is the only thing on
the servers that has been changed to be identical.

I have no need to share actual session informaiton between the two machines,
but I am utalizing the Session ID to track some client activity.

Does this all make sense?


-Andrew

 

[Juan T. Llibre]

Andrew,

It seems that you would be better off requesting support
from the manufacturer of your hardware load balancing
device, which you haven't identified so far.

There's no way that, without knowing the particulars about the
configurational possibilities for your hardware load balancing device,
you could get an answer to an open-ended question like the one you've made.

Hardware load balancing devices vary widely in regards
to their capabilities and possible troubleshooting techniques.

Fire off an email to your hardware load balancer's manufacturer.

 

[WenJun Zhang[msft]]

Hi Andrew,

Not very sure on your hardware loadbalance implementation, however, IMO, if
that hardware loadbalance does hidden the underlying things from ASP.NET's
perspective, and as you said , the applciation on different end server did
share sessionIDs, I think it'll be ok. Because sessionid are simply stored
in cookie at clientside and the hardware load balancing device will expose
the same hostname (url) to the clientside, the same cookie path will be
searched no matter which end server is actually redirected to. How do you
think ?

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)