Web 场共享 SQLServer 会话状态的登录问题
根据我昨天发布的问题,我们网站的 DNS结构已更改为循环 DNS,它实际上在两个生产服务器之间来回交换。我们两个产品服务器的 web.config
具有:
指向相同的共享 DB- A
machineKey
code> 在每个服务器上,两者之间保持一致(这是我昨天帖子的要点)。 - [更新]
标签中的相同域
当我们在网站上使用登录功能时,登录实际上向第三个网站发出 Web 服务请求来验证用户身份。如果结果响应表明登录成功,则我们使用 FormsAuthentication
来登录用户:
FormsAuthentication.SetAuthCookie(strUserID, true);
我们的问题是,在某些页面上我们看到我们已登录,而在其他页面上则没有。这是否表明我们没有完成在两个产品服务器之间共享会话的最后一步,或者我们的 SQL 服务器会话数据库可能被破坏?
预先感谢
更新: 我们确定用户是否登录的代码非常基本:
HttpContext.Current.User.Identity.IsAuthenticated
更新 2:
当我点击 prod1.mysite.com (或 prod2.mysite.com)时,我得到一个名为 "ASP 的 cookie .NET_SessionId”
,但是当我点击实时公共 URL www.mysite.com 时,我没有得到这个 cookie。这是问题的一部分吗?
解决方案:
事实证明,我们在这里所做的一切都是正确的,并且由于 Akamai 的缓存配置,我们使用 Akamai 的实时站点正在以各种状态进行缓存。在服务器之间共享您的登录状态已被证实可以正常工作。
Per a question I posted yesterday, our website's DNS structure has changed to round-robin DNS which literally swaps back and and forth between two production servers. Our web.config
for both prod servers has:
<sessionState mode="SQLServer" ... >
pointing to the same shared DB- A
machineKey
on each server that is consistent between the two (this was the main point of my post yesterday). - [update] The same domain in the
<forms domain=".mydomain.com" ... >
tag
When we use the login feature on the site, the login actually makes a web service request to a 3rd website that authenticates a user. If the resulting response says it was a successful login, then we use FormsAuthentication
to log the user in:
FormsAuthentication.SetAuthCookie(strUserID, true);
Our issue is that on some pages we see we are logged in, others we're not. Is this something indicative of either us not completing a final step to share session between two prod servers or could our SQL server session DB be broken?
Thanks in advance
UPDATE:
Our code to determine if the user is logged in is quite basic:
HttpContext.Current.User.Identity.IsAuthenticated
UPDATE 2:
When I hit prod1.mysite.com (or prod2.mysite.com) I get a cookie called "ASP.NET_SessionId"
but when I hit the live public URL, www.mysite.com, I don't get this cookie. Is this part of the problem?
RESOLUTION:
It turns out that everything we did here was all correct and that our live site which uses Akamai was being cached in various states due to Akamai's cache configuration. Sharing your logged in state between servers has been confirmed to work.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以做的一件事是使用 Firefox 的 Firebug 插件来确保登录后将身份验证 cookie 按预期发送到浏览器,尽管您看到您在某些页面上登录,但我希望这是这样案例。
另一件需要检查的事情是身份验证 cookie 的域设置是否正确,并且它对您网站上的所有页面都有效。
这通常是在表单标签中的 web.config 中设置的,如下例所示,并且在网络场中的每台服务器上应该相同。
如果这一切都是正确的,那么会话可能没有在您的服务器之间正确共享,尽管您在问题中描述的设置似乎涵盖了所需的内容。
One thing you could do is use the Firebug add-on for Firefox to ensure that the authentication cookie is being sent to the browser as expected after logging in although as you are seeing that you are logged in on some pages I would expect this to be the case.
Another thing to check would be that the domain is set correctly for the authentication cookie and that it is valid for all pages on your website.
This is typically set in you web.config in the forms tags, example below and should be same on each server in the web farm.
If this is all correct then it is possible that session is not being shared correctly between your servers although the settings that your have described in your question appear to cover what is needed.