Athenticate user in a clustered env

Athenticate user in a clustered env

by Mamadou Cisse -
Number of replies: 4

Hi,

I've been running some test in a apache clustered env with a apache proxy (load balancer ) and 2 web servers (endpoints).

My load balancer has an loadfactor of 1 and each request are proxied to the other web server e.g. not the one where the request is comming from.

I'm trying to enable shared sessions between the 2 nodes (webservers) using shared memcached (1 memcache in each node)

When I login using a cas backend, I've noticed that many session are created in the memcached servers (the number of session created is variable) for one user. Question : is that a correct behaviour !?

Sometimes due to redirections moodle redirects me to /login/index.php?testsession=1234  where moodle tell me that horrible lie : cookies are not enabled in your browser,

Can anyone explain me how to set this up correctly ?

regards 

Mamadou


Average of ratings: -
In reply to Mamadou Cisse

Re: Athenticate user in a clustered env

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Mamadou,
how did you setup memcached in your Moodle instances?
It looks like the nodes are not sharing the same session.

Could you provide more details of your setup?

TIA,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: Athenticate user in a clustered env

by Mamadou Cisse -

Hi Matteo

Thx for your feedback here is my memcached parameters : 

Moodle version 2.8.3+

Server : 

memcached server version 1.4.21

memcached -l 127.0.0.1 -l 192.168.1.* -m 64 -p 11211 -u nobody

(listennig to localhost and to his private ip address with 64M of memory on his default port with the user nobody)


Client : 

config.php 

  $CFG->session_handler_class = '\core\session\memcached';

      $CFG->session_memcached_save_path = 'server1:11211,server2:11211';

     $CFG->session_memcached_prefix = 'memc.sess.key.';

      $CFG->session_memcached_acquire_lock_timeout = 120;

      $CFG->session_memcached_lock_expire = 7200;       

/etc/php5/mod-available/memcached.ini

extension=memcached.so

memcached.sess_number_of_replicas = 1

memcached.sess_remove_failed = 1

memcached.sess_consistent_hash = On

memcached.sess_randomize_replica_read = On

I use a CAS backend and phpCAS create a session after auth  which it can destroy when it got a logoutRequest from CAS server

Why moodle do not use the phpCAS session id to be sure it implements global logout and fully sso ? The session that is created by phpCAS is never used and as phpCAS do not handle logoutRequest it is never destroyed. I was wondering if that is not an issue as these sessions are never cleared...

I'll be running more tests maybe I can improve the cas backend auth.

Regards 

Mamadou 


Average of ratings: -
In reply to Mamadou Cisse

Re: Athenticate user in a clustered env

by Mamadou Cisse -

Hi Matteo 

I think I've solved it ! 

The version of php were different in the 2 nodes of my cluster so the hash method (for memcached key) may not be the same between the 2 version of php that could explain why i had so many session started in the memcached server.

I'll keep running some test

Cheers 

Mamadou

Average of ratings: -
In reply to Mamadou Cisse

Re: Athenticate user in a clustered env

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Mamadou,
TNX for sharing your updates: it will help others too!

About CAS: how did you configure your CAS auth settings in Moodle?
Did you properly configure CAS logout option and optionally Alternative logout return URL?

HTH,
Matteo

Average of ratings: -