如何在多租户架构中维护会话属性?
对于 SaaS 应用程序,同一服务器托管多个应用程序。会话属性如何维护?详细说明问题: AppA 和 AppB 托管在同一台计算机上,我现在为 AppA 创建 UserA,为 AppB 创建 UserB。 AppA和AppB属于不同的组织,因此它们没有链接。有关用户的一些详细信息存储在 http 会话级别(直到会话超时)。因此,现在如果我使用不同的选项卡从同一浏览器登录 AppA 和 AppB,我最终可能会在 UserB/AppB 屏幕上看到 UserA/AppA 的一些详细信息,反之亦然。这样的问题如何解决呢? 我能想到的一种解决方案是创建子域,例如 appa.example.org 和 appb.example.org。还有其他/更好的方法吗?
In case of SaaS applications, where the same server plays host to multiple applications. How are session attributes maintained? To elaborate the question:
AppA, and AppB are hosted on the same machine, I now create UserA for AppA and UserB for AppB. AppA and AppB belong to different organizations so they are not linked. Some details about the user are stored at http session level (until the session times out). So now if I log in to both AppA and AppB from the same browser using different tabs, I may end up seeing some of UserA/AppA details on the UserB/AppB screen or vice-versa. How can such a problem be solved?
One solution I can think is to create subdomains like appa.example.org and appb.example.org. Is there any other/better way?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
通常,您不会在另一个应用程序中看到一个应用程序的详细信息。
创建会话时,它会在 Web 应用程序内部创建并由密钥标识。该会话 ID 存储在 cookie 中或以其他方式传递,以识别下一个请求要引用的会话对象。
如果您将此会话 ID 提供给另一个 Web 应用程序,它将找不到这些属性,因为它们位于另一个 Web 应用程序中。
现在,这就是“正常”。实际上,这可以在各个方向进行配置,例如将所有属性存储在 cookie 中(在极端的故障转移场景中非常有用),将会话存储在共享 memcached 层或共享数据库表中(然后您将在另一个中获得相同的对象)当然是应用程序),等等,等等。
Normally you will not see details from one app in another app.
When a session is created it is created inside the web application and identified by a key. This session-id is what is stored in a cookie or passed in some other way to identify which session object to refer to on the next request.
If you would present this session id to another webapp it won't find the attributes because they live in the other webapp.
Now, that is 'normally'. In practice this can be configured in all directions, like storing all atributes in the cookie (very useful in extreme failover scenarios), storing the session in a shared memcached layer or shared database table (then you would get the same object back in the other application of course), and so on, and so on.
我想出的最佳解决方案是受到这个问题的启发。我已将多个上下文指向同一个 war 文件:
这本质上与制作 myapp.war 的副本(称为tenant1.war、tenant2.war 等)相同。从技术上讲,每个租户都在运行自己的 web 应用程序,即使它们都是运行相同的代码。
如果您的用户拥有两个或多个租户的凭据,他们可以同时登录这两个租户,并且每个 Web 应用程序将获得自己的会话,因为包含会话 ID 的 JSESSIONID cookie 每个都绑定到特定的上下文路径。
这种方法有一些缺点。首先,war 文件中的所有类都会为每个租户重新加载,因此我必须密切关注 PermGen 空间。另一方面,每次有新租户出现时,我都必须编辑 server.xml。您找到更好的解决方案了吗?
The best solution I've come up with was inspired by this question. I've pointed multiple contexts to the same war file:
This is essentially the same as making copies of myapp.war called tenant1.war, tenant2.war, etc. Each tenant is technically running thier own webapp, even though they're all running the same code.
If you have users with credentials on two or more tenants, they can log on to both at the same time, and each webapp will get its own session, because the JSESSIONID cookies containing the session ID are each tied to a specific context path.
There are drawbacks to this approach. For one, all the classes in the war file get reloaded for each tenant, so I'll have to keep an eye on PermGen space. For another, I'll have to edit server.xml every time a new tenant comes along. Have you found a better solution?