Announcement

Collapse
No announcement yet.

issues with sessions behind load balancer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • issues with sessions behind load balancer

    My forum has hit a breaking point, and I purchased a couple of servers to create a cluster. I got all the data migrated and functioning with a single server/single database and all was well, so I replicated the forum to the 3rd machine, and set up mod_proxy/mod_proxy_balancer, and it was working fine, to a point, it ran into session issues because of what I thought was session persistence issues.

    So, I stuck a Zeus load balancer in front, and same issues.

    What would happen is that sometimes, after a bunch of clicking around, I would see what I assume is session errors from PHP (blank pages on showthread.php clicks). Someone told me there is a way to force VB to use MySQL for all session data?

    Any advice?

  • #2
    anyone?

    Comment


    • #3
      bump?

      Comment


      • #4
        vBulletin will always store sessions in MySQL.

        You migth get into problems with sessions if the load balancer does not forward the original IP of the client but passes it's own IP to the webservers. This would make it seem like all requests are coming from the same IP which can lead to problems (within vBulletin and even on your webserver). Also make sure that there is no serverside caching that thinks all requests are coming from the same client connection.
        Want to take your board beyond the standard vBulletin features?
        Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

        Comment


        • #5
          Is there anything that can be done in the case of using something like mod_proxy_balancer where the actual client IP is not passed?

          Comment


          • #6
            I doubt it as all clients would create a session with the same IP.
            Want to take your board beyond the standard vBulletin features?
            Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

            Comment


            • #7
              I just put a load balancer in my setup and came to a hard shock with the single IP requesting everything.

              My solution add this to global.php

              PHP Code:
              if ($_SERVER['HTTP_X_FORWARDED_FOR'])
                  
              $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; 
              Works for about 99% of visitors.
              - MrLister

              Comment


              • #8
                Originally posted by mrlister View Post
                I just put a load balancer in my setup and came to a hard shock with the single IP requesting everything.

                My solution add this to global.php

                PHP Code:
                if ($_SERVER['HTTP_X_FORWARDED_FOR'])
                    
                $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; 
                Works for about 99% of visitors.
                You should be careful with $_SERVER['HTTP_X_FORWARDED_FOR'] & $_SERVER['HTTP_CLIENT_IP'] as both can contain comma-separated lists of IP addresses and both can be forged. You should really break apart the IPs into an array and run a sanity check before using them for anything important. Also keep in mind that both of these fields can contain internal IP addresses, so you might end up with a lot of users with IPs of '192.168.0.100' or '192.168.1.100'.

                This code is rough but should work. The first line fetches the server variable 'HTTP_X_FORWARDED_FOR', removes everything that isn't a number, a period, or a comma, strips any extra commas from the beginning and end, and then explodes it into an array. The rest cycles through the array and makes sure that every value passed is actually a valid IP address. This example will actually only keep the last valid IP found. You'd probably want to run the code twice; a second time as an "else if" to pull any hits from the less-commonly-used 'HTTP_CLIENT_IP'.
                PHP Code:
                if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) {
                    
                $forwardedips =  explode(',',trim(ereg_replace("[^0-9,\.]","",$_SERVER['HTTP_X_FORWARDED_FOR']),','));
                    foreach (
                $forwardedips as $ip) {
                         if (
                $ip === long2ip(ip2long($ip))) {
                             
                $_SERVER['REMOTE_ADDR'] = $ip;
                         }
                    }

                EDIT: Ignore the reply email if you got one, the code was wrong. The code above is correct.
                Jason Litka - Utter Ramblings

                Comment


                • #9
                  Sorry to revive a dead thread, but I just tried doing this and had no luck. The "improved" code below fails, giving my site a blank white screen. The "generic" code that was posted first goes into global.php fine causing no errors, but my site members are still being shown as visiting from the load balancer (hardware) IP address. I'm using vBulletin 3.6.8. I'm not terribly worried about people forging their originating IP address since we don't really use IP addresses much but they're nice to have if needed. Any ideas? Thanks in advance!

                  Originally posted by jason|xoxide View Post
                  You should be careful with $_SERVER['HTTP_X_FORWARDED_FOR'] & $_SERVER['HTTP_CLIENT_IP'] as both can contain comma-separated lists of IP addresses and both can be forged. You should really break apart the IPs into an array and run a sanity check before using them for anything important. Also keep in mind that both of these fields can contain internal IP addresses, so you might end up with a lot of users with IPs of '192.168.0.100' or '192.168.1.100'.

                  This code is rough but should work. The first line fetches the server variable 'HTTP_X_FORWARDED_FOR', removes everything that isn't a number, a period, or a comma, strips any extra commas from the beginning and end, and then explodes it into an array. The rest cycles through the array and makes sure that every value passed is actually a valid IP address. This example will actually only keep the last valid IP found. You'd probably want to run the code twice; a second time as an "else if" to pull any hits from the less-commonly-used 'HTTP_CLIENT_IP'.
                  PHP Code:
                  if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) {
                      
                  $forwardedips =  explode(',',trim(ereg_replace("[^0-9,\.]","",$_SERVER['HTTP_X_FORWARDED_FOR']),','));
                      foreach (
                  $forwardedips as $ip) {
                           if (
                  $ip === long2ip(ip2long($ip))) {
                               
                  $_SERVER['REMOTE_ADDR'] = $ip;
                           }
                      }

                  EDIT: Ignore the reply email if you got one, the code was wrong. The code above is correct.

                  Comment


                  • #10
                    Originally posted by GCC LLC View Post
                    Sorry to revive a dead thread, but I just tried doing this and had no luck. The "improved" code below fails, giving my site a blank white screen. The "generic" code that was posted first goes into global.php fine causing no errors, but my site members are still being shown as visiting from the load balancer (hardware) IP address. I'm using vBulletin 3.6.8. I'm not terribly worried about people forging their originating IP address since we don't really use IP addresses much but they're nice to have if needed. Any ideas? Thanks in advance!
                    I never actually tested that code, it was written off the top of my head, based on something I'd done in the past.

                    What error do you get in your httpd error_log?
                    Jason Litka - Utter Ramblings

                    Comment


                    • #11
                      the code is not working
                      and i asked vbulletin support, they gave me this link
                      http://www.vbulletin.com/forum/showpost.php?p=1104162&postcount=6

                      and it's not working too...

                      so no response until now..
                      anybody have suggestion to fix this problem?

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X