Re: PEAR Auth package woes [message #178387 is a reply to message #178384]
Tue, 12 June 2012 19:05
Jerry Stuckle
On 6/12/2012 1:38 PM, Eli the Bearded wrote:
> In comp.lang.php, Jerry Stuckle<jstucklex(at)attglobal(dot)net> wrote:
>> On 6/11/2012 8:32 PM, Eli the Bearded wrote:
> [snip, see previous article]
>> That's because cookies are only sent to the originating domain for
>> security reasons.
>
> You totally missed the problem, so perhaps I didn't explain it properly.
> I have one web site that is served by four web servers for redundancy:
> two colos with two machines per colo. The intent is to reduce the chance
> of a single point of failure taking down the site.
>
> All four webservers are responding to the same hostname. There are
> two IP addresses, one per colo, and load balancing between servers
> within each colo.
>
> I've been using this setup just fine for years, but now I want a small
> password protected area. Using the PEAR Auth package I've created it,
> but cookies set on web-server-1.colo-1.internal.name do not work on
> web-server-2.colo-1.internal.name or web-server-3.colo-2.internal.name.
>
> For testing purposes I've made the Auth package talk to a single
> database server, thus introducing a single point of failure into this
> section of the site, but that has not helped. Login works on all
> four machines, and when I pull DNS tricks to make all my traffic go
> to any single machine of the four, the Auth works. As soon as I jump
> to another host, it wants me to login again. With a 600s TTL on the
> DNS, jumping between colos happens fairly quickly, so I can't just
> rely on the load balancers providing stickiness.
>
> Is there a way to get the Auth package to accept its own cookies
> that just happen to have been set on a different server? If so, how?
>
> Elijah
> ------
> posted a code snippet up-thread
>
No, I didn't miss the problem. It's not the package not accepting the
cookies - the browser won't send a cookie to a domain other than the one
it was loaded from. So a cookie set on your first host, the browser
won't send the cookie to the second host. This is for security reasons.
And the PEAR Auth routines use cookies to maintain the authentication
information. This is why it worked when you fooled with the DNS and
failed when you had different subdomains.
Now, if they are all on the same domain but different domains, i.e.
www1.example.com and www2.example.com, you can use
session_set_cookie_params() to set the domain for the session cookie so
that it will be sent to any of the subdomains. For a single cookie, you
would use setcookie().
But I also don't know if you can use it with the PEAR routines.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
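
An added example (not part of the thread) of the session_set_cookie_params() approach mentioned in the reply above, written for PHP 7.3 or later. `example.com` is the post's placeholder domain; `SHARED_COOKIE_DOMAIN` and the function names are hypothetical, and the code assumes every server reads the same session store, since the cookie carries only the session ID.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.3+ for the array
// form of session_set_cookie_params(). Must run before any output and
// before anything else calls session_start().

const SHARED_COOKIE_DOMAIN = 'example.com'; // hypothetical: parent of www1./www2.

/**
 * True when $host is the parent domain itself or one of its subdomains.
 * Keeps a spoofed Host header from being issued a shared session cookie.
 */
function host_in_domain(string $host, string $parent): bool
{
    $host   = preg_replace('/:\d+$/', '', strtolower($host)); // drop a port
    $host   = rtrim($host, '.');                              // drop a trailing dot
    $parent = strtolower($parent);
    $suffix = '.' . $parent;

    return $host === $parent
        || substr($host, -strlen($suffix)) === $suffix;
}

function start_shared_session(string $host): bool
{
    if (!host_in_domain($host, SHARED_COOKIE_DOMAIN)) {
        return false; // unexpected host: issue no session cookie
    }

    // Scoping to the parent domain means EVERY host under it receives the
    // session ID, so restrict the cookie to HTTPS and hide it from scripts.
    session_set_cookie_params([
        'lifetime' => 0,                    // expires when the browser closes
        'path'     => '/',
        'domain'   => SHARED_COOKIE_DOMAIN, // sent to www1. and www2.
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    return session_start();
}

if (!start_shared_session($_SERVER['HTTP_HOST'] ?? '')) {
    http_response_code(400);
    exit;
}
```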