Session Issue with Load Balancer Across Multiple Servers (3.71)

2 posts by 2 authors in: Forums > CMS Builder
Last Post: July 18   (RSS)

We have 4 web servers with a load balancer. We recently upgraded to 3.71 and the new SessionHandler::start() function uses fileinode() for the session name suffix, which means that each server that you hit will generate a different value. This causes unexpected logouts as well as CSRF errors and all kinds of weirdness depending on which server you happen to hit on any given request.

I changed it to use md5() as that will still allow multiple installs on the same server, but the same install dir across multiple servers will generate the same value.

$suffix    = strtolower(substr(md5(CMS_ROOT_DIR), -6));

There may be a better way to handle it.

Hit tbcshifter, 

That's great feedback, thanks.  Your fix should work just fine, and we'll update that code in the next beta to do something similar and not use fileinode().

If you run into any other issues with your load-balanced setup feel free to let us know, we're happy to make sure the codebase supports that configuration.

Thanks!

Dave Edis - Senior Developer
interactivetools.com