• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

HTTP sessions over multiple IPs?

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    HTTP sessions over multiple IPs?

    That is possible isn't it?

    Web servers (apache or tomcat etc) will resolve the session despite IP change, I'm pretty sure that is the case but can't find anything definitive.

    Cheers

    #2
    Better to put it on a VIP...

    Comment


      #3
      What do you want to achieve? Load balancing? Round robin?
      <Insert idea here> will never be adopted because the politicians are in the pockets of the banks!

      Comment


        #4
        Doing a stat/usage/analytics layer thing on a web application. I am basically trying to work out the domain model, it could be

        request->session->Ip

        or

        session<-request->ip

        I that makes sense, I want to know if I should keep checking the session for IP changes and if they do change that requires my DB and object model to reflect.

        I believe that AOL used to change the IPs constantly but I am not sure.

        Comment


          #5
          Originally posted by minestrone View Post

          I that makes sense, I want to know if I should keep checking the session for IP changes and if they do change that requires my DB and object model to reflect.
          Forgive my ignorance but why would you want to do that? Assuming you are using a web application on a server farm with multiple IP addresses, I would give for granted that the servers are clustered and therefore you either have cookies (managed by the web client, ie the browser) or session id's, managed by the server farm.

          I don't see the point of checking for IP changes. Correct me if I am wrong, once the browser has engaged in a http session, it should keep state with one IP address only, unless you want to change that behaviour. If the server farm is load-balanced, then the load balancer will do that job for you. IP layer and application layer are not the same.

          Is your client Google or Amazon?
          <Insert idea here> will never be adopted because the politicians are in the pockets of the banks!

          Comment


            #6
            I am not sure that the session will keep with one remote IP, in fact I am pretty sure that it can change over the session ( but not 100% ) and need to know to make the DB relationship one to one or one to many.

            Comment


              #7
              I get the impression you're talking about the clients IP changing rather than server? Yes AOL used to do this as they ran a huge proxy farm that didn't stick clients. You'd be right not to assume the client IP is constant as there are a few reasons it may change even with non-persistent sesions.

              The cookie values may also change mid-session, there are security reasons to do this. No idea how common it is though, been ages since I did much web coding.
              Last edited by smatty; 17 October 2013, 17:10.

              Comment


                #8
                * puts tech hat on *

                Gotta be careful here, if your app is behind a reverse proxy or some kind of load balancer, all of the users may appear to come from one IP address.
                Also, remember that many users may be behind their own corporate forward proxy and that will also constrain the number of clients IPs you can identify.
                Implanting a session cookie from the app may be the way to go.

                * removes tech hat *

                Comment


                  #9
                  I think he just wanted confirmation that web servers like Apache are not fussed about the client IP changing.

                  The answer is, they couldn't care less.
                  It's down to the web app that is being accessed to use cookies, sessions or whatever else. The actual web server just accepts the http connection and reads any cookies or url parameters passed and forwards the data to the web app.
                  Don't believe it, until you see it!

                  Comment

                  Working...
                  X