How to synchronize sessions using Amazon Web Services (AWS)?

Question

We're using Amazon Web Services (AWS) and we have multiple web servers and a load balancer. The problem with the web servers is, that the $_SESSION is unique for each one. I'm keeping some information about the user in the $_SESSION.

What is the proper way to synchronize this information? Is there any way to unite the place, where those sessions are being kept, or should I use MySQL to store this data (I don't really like the last option)?

Answer 1

I think what you are looking for is 'Sticky Sessions'. If I'm right about that, Amazon gives you two different options.

Load Balancer(duration-based, I recommend this one) http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_StickySessions.html#US_EnableStickySessionsLBCookies

And application based session stickiness http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/US_StickySessions.html#US_EnableStickySessionsAppCookies

Answer 2

To add to the above answer, what your looking for a distributed cache like DynamoDB which is a paid amazon service. Its amazingly fast and brilliant to use but if you are look for some other open source alternatives you can look at the following memory read/write options.

1. Memcached - Ideal for high read/write ratio. Lightweight and great support from developer community.
2. JCS - Java caching system - great flexibility and good for systems that face a low read/write ratio. Also its great to customize replication and depending on the level of stickiness, this can invariably be as fast as a simple memory read/write for a web app as the ELB maintains some level of stickiness. So once a session is directed to the other instance, only then would the session information would be copied over. We use this and have been getting good results so far.
3. EhCache - Established caching framework but their distributed cache offering is not entirely free to use. May be an overkill as it assures complete replication which may not be really needed in this case.

Answer 3

While conceptually similar to the MySQL option you are trying to avoid for some reason, a pretty appealing option for usage within Amazon Web Services (AWS) is the recently introduced Scalable Session Handling in PHP Using Amazon DynamoDB, which addresses that Typical session handling in PHP is not scalable, thus requiring some kind of custom solution anyway:

Sessions are used to preserve short-term data across multiple HTTP requests [...]. PHP’s native session handler stores session data to the local file system; however, this approach becomes unreliable in distributed web applications. On subsequent requests the user may not be routed to the same server causing the data to be effectively forgotten. The user will be logged out and confused.

To overcome this issue, PHP developers have implemented custom solutions for storing their users’ session data using databases, shared file systems, Memcache servers, tamper-proof cookies, and other storage mechanisms. [...] [emphasis mine]

Depending on your use case you might want to give this potentially very fast session store a try accordingly.