Monday, 15 August 2011

security - remember me functionality with specific server topology


I am implementing the "remember me" functionality for the customer of my product and am somewhat stuck with it. Here's what we have:

  • 3 different servers that do not meet each other.
  • A customer whose "Remember me" functionality is required and that is 3 servers in one log.
  • An example that redirects users and does not know anything about authentication or user credentials.

So can you please tell me how I can implement "remember me" in my case? Adding passwords in cookies is acceptable, but not desirable.

If you want more information about something, please ask, and I will try to provide it.

Thanks to everyone for your suggestions!

This is usually done by all three servers using a normal session storage backend, such as a database or memcached.

If you cannot easily apply normal sessions, you can adjust the code on the redirect server to store, in a cookie, the ID of the server it selected to redirect to. Do not keep a password in any cookie. For example:

    A new hit arrives
    If the cookie is set:
        Redirect to the server indicated in the cookie
    Otherwise:
        Choose a random server
        Set a cookie with the server ID you chose
        Redirect to that server
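The redirect logic from the answer above, as an added example that is not part of the original post: the cookie carries only a server ID, protected by an HMAC and checked against a fixed allowlist, so it never holds a credential and never supplies the redirect target directly. The server IDs, URLs, cookie name, cookie lifetime and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values (assumptions): the three backends and the cookie name.
SERVERS = {
    "s1": "https://app1.example.com/",
    "s2": "https://app2.example.com/",
    "s3": "https://app3.example.com/",
}
COOKIE_NAME = "backend"
# Assumption: a real redirector loads a fixed secret so cookies survive restarts.
KEY = secrets.token_bytes(32)


def sign(server_id: str) -> str:
    """Return 'id.tag', where tag is an HMAC-SHA256 over the server ID."""
    tag = hmac.new(KEY, server_id.encode(), hashlib.sha256).hexdigest()
    return f"{server_id}.{tag}"


def verify(cookie_value):
    """Return the server ID if the cookie is intact and names a known server."""
    if not cookie_value or "." not in cookie_value:
        return None
    server_id, _, tag = cookie_value.rpartition(".")
    expected = hmac.new(KEY, server_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # The redirect target always comes from the allowlist, never from the cookie.
    return server_id if server_id in SERVERS else None


def route(cookies: dict):
    """Handle one hit: return (redirect_location, set_cookie_header_or_None)."""
    server_id = verify(cookies.get(COOKIE_NAME))
    if server_id is not None:
        return SERVERS[server_id], None  # returning visitor, same backend
    server_id = secrets.choice(sorted(SERVERS))  # new or invalid cookie
    header = (f"{COOKIE_NAME}={sign(server_id)}; Max-Age=2592000; "
              "Path=/; Secure; HttpOnly; SameSite=Lax")
    return SERVERS[server_id], header
```

Authentication itself still happens on the backend the user is sent to; the cookie only remembers which backend that is.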
