1

I'm running a Yii-app on Appfog. Whenever I try to have more than 1 instance it is no longer possible to stay signed in.

I know that multiple instances requires a shared storage for sessions, and I have implemented that using EDMSHttpSession. And it does work on localhost, that is I can sign in, restart Apache and remain signed in. Also, if I remove the session record in the database I am signed out. This makes me conclude that PHP is using the database for storing sessions.

I can't understand why my shared storage for sessions doesn't work on Appfog and I would like suggestions on how to debug this.

Some more background info:

  • I use cookies for auto login. They should be valid for 30 days (and they are according to Chrome inspector) but that never works for more then a few hours (browser session I guess) - not on localhost, not on Appfog.
  • With multiple instances and autologin enabled (that is I click "remember me") I still get kicked out randomly, usually after 2 or 3 page refreshes. As I understand a cookies should sign you in automatically regardless of server sessions?
  • On Appfog i have a SSL-endpoint, on localhost I do not.
  • I have checked that my shared session storage on Appfog is getting new sessions (looking in the database tables)

Update:

I did some tests and perhaps my results will make sence to some one.

I clear all Cookies and restart my Appfog app. I sign in, and check "Remember me". Now the following response Set-cookie headers are:

Set-Cookie:PHPSESSID=vrfoi0o15v3qps2644uqtvkfa1; path=/  
Set-Cookie:PHPSESSID=db38s1k1vp5ngll837ac0vh0u7; path=/  
Set-Cookie:73dfaf673b71b1f92d34b8ab63dab17b=812bbcfd4f5b3be91f8c85d39c3b37bb93e4c6b8a%3A4%3A%7Bi%3A0%3Bs%3A24%3A%225087ea0b3145a75545000000%22%3Bi%3A1%3Bs%3A22%3A%22demo%40playbackenergy.se%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A0%3A%7B%7D%7D; expires=Sun, 09-Jun-2013 08:32:24 GMT; path=/

In the subsequent request the request Cookie-headers are:

Cookie:PHPSESSID=db38s1k1vp5ngll837ac0vh0u7; 73dfaf673b71b1f92d34b8ab63dab17b=812bbcfd4f5b3be91f8c85d39c3b37bb93e4c6b8a%3A4%3A%7Bi%3A0%3Bs%3A24%3A%225087ea0b3145a75545000000%22%3Bi%3A1%3Bs%3A22%3A%22demo%40playbackenergy.se%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A0%3A%7B%7D%7D

I use "db38s1k1vp5ngll837ac0vh0u7" to find my session in the database. That row looks like this (note that vrfoi0o15v3qps2644uqtvkfa1 is not found in the database):

{
  "_id" : ObjectId("518cb0981045979e06000000"),
  "data" : "73dfaf673b71b1f92d34b8ab63dab17b__id|s:24:\"5087ea0b3145a75545000000\";73dfaf673b71b1f92d34b8ab63dab17b__name|s:22:\"demo@playbackenergy.se\";73dfaf673b71b1f92d34b8ab63dab17b__states|a:0:{}73dfaf673b71b1f92d34b8ab63dab17brole|s:4:\"demo\";",
  "expire" : 1368176186,
  "id" : "db38s1k1vp5ngll837ac0vh0u7"
}

Now I restart my Appfog app again and try to navigate to another page in my app.Now I get signed out.

The request Cookie-headers before redirection to login page were (the same as before):

Cookie:PHPSESSID=db38s1k1vp5ngll837ac0vh0u7; 73dfaf673b71b1f92d34b8ab63dab17b=812bbcfd4f5b3be91f8c85d39c3b37bb93e4c6b8a%3A4%3A%7Bi%3A0%3Bs%3A24%3A%225087ea0b3145a75545000000%22%3Bi%3A1%3Bs%3A22%3A%22demo%40playbackenergy.se%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A0%3A%7B%7D%7D
4

2 回答 2

1

您只要求提供有关如何调试的建议,因此您可以:

  • 向每个实例布局文件添加不同的隐藏字符串,以便您可以查看哪个实例为当前请求提供服务
  • 检查浏览器中请求/响应标头中的 cookie,以了解每个请求是否发送相同的会话 ID,以及何时从服务器发回新的会话 ID

这可以帮助您找出会话丢失的情况。

更新

  • 找出会话是否真的被破坏了,或者 Yii 是否只是让你退出。为此,请以访客用户身份向会话写入一些内容,然后尝试此信息是否在某些重新加载时丢失。
  • 禁用allowAutoLogin并查看它现在是否有效。
于 2013-05-10T07:29:29.507 回答
0

最后,感谢 Michael Härtl 的建议,我已经成功调试了这个问题。

我必须解决两件事

1) 在 protected/config/main.php 中指定一个 application-id

array(
    'name' => 'My App',
    'id' => 'yourdomain',
    ...,
)

如果你不这样做,多个实例将有不同的 id。由于 Yii 使用 app-id 的哈希值作为会话变量的前缀,它可以在不同的实例之间共享——即使你有共享的会话存储。这篇 Yii 文章更深入地解释了它:http ://www.yiiframework.com/wiki/135/single-sign-on-across-multiple-subdomains/

2) 对资产使用 CDN 以及共享 chaching。显然,此实例之间的资产文件夹(例如 3f4ad45)可能不同,因此您必须使用共享存储。我使用扩展http://www.yiiframework.com/extension/s3assetmanager/来管理资产,使用https://github.com/arondfrancis/yii-CMemCacheSASL来管理缓存(MemCachier)。

于 2013-05-26T12:05:26.853 回答