Load Balancing with Safari - Part 1

When running a web site that has grown to the point that it has too much traffic for a single server, it is common practice to put a load balancer in front of the servers.

Unfortunately, there are all sorts of subtle problems that crop up that you may not notice at first. Most of them come down to sticky session issues (or lack thereof) and the fact that many web apps store session data in server memory. When a browser makes a request to a new server, it doesn't know anything about that browsers session, so a new session is created in memory and the user may experience weirdness: logged out, re-authenticated, losing their shopping cart, etc.

Most load balancers can be configured for various methods of sharing traffic: round robin, least connections, etc. Also, they can usually be configured to not move a client to a new server if it already has a session on one. This can be done via IP address or a custom cookie inserted into the

This is something I observed a long time ago for Safari (ie: around version 1). I'm not sure this is Safari, per se, but OpenSSL that is responsible for the behavior. I'm pretty sure Chrome does this and I've seen some Linux browsers do it.

What I have done at the last two companies I've worked for is recommend that our clients do not use SSL SessionID as the way of tracking sticky sessions on web servers, but instead using IP address. This works in nearly all cases and has few downsides. The other solution is to use some sort of session sharing on your web servers to mitigate the issue (which also means that your web servers aren't a point of failure for your users' sessions). (One of the products I supported had no session information stored on the web servers, so we could safely round-robin requests, the other product could be implemented with a Session State Server... but in most cases we just used IP address to load balance with). The other solution is to configure your load balancer to terminate the SSL tunnel. You get some other benefits from this, such as allowing your load balancer to reduce the number of actual connections to the web servers. I've seen many devices setup this way.

One thing to consider through this is that - due to the way internet standards work - this really can't be termed a bug on anyone's part. There is no guarantee in the SSL/TLS standards that a client will return the same SSL Session ID for each request and there is not requirement that subsequent requests will even use the same tunnel. Remember, HTTP is a stateless protocol. Each request is considered a new request by the web server and everything else is just trickery to try and get it to work the way you want. You can be annoyed at Safari's behavior, but it's been this way for over 5 years by my count, so I don't expect it to change.

I like Ruby

I'm working on something at the office in which I have a client running in C# .net code and a web server running with Ruby On Rails. Occasionally, when switching between them, I'll sometimes think of a Ruby solution to some code I'm writing in C#.

Recently, I had a loop that looks like this:

bool matchedOne = false;

foreach ( ScalarMatch match in MatchSet.Matches )

{

if ( match.PerformMatch(check) )

{

matchedOne = true;

break;

}

}

if ( ! matchedOne )

return null;

And I realized that the Ruby method would look like this:

return nil if not matchSet.matches.all? {|m| m.performMatch(check) }

I like Ruby.

Christmas Cards - better late than never

I suppose we could claim we're just really early for next year.  Oh, except that the date is on the pictures.  Oh well.

Yes, we got cards out about a month too late.  We were so on the ball at first.  We went to Sears Portrait Studio, let them talk us into getting their cards instead of making our own... and then it started to slowly and subtly fall apart.

First, it took us at least a week after the date we could have picked up the cards before we actually picked up the cards.  Sadly, we were at the mall at least twice before that... we just forgot.

The "the snow" happened.  I'm sure everyone knows what I mean by that, but just to make the point again, we had snow on the ground for something like 2 and a half weeks.  That delayed packages, it rescheduled a play that we were going to see (Wizard of Oz at the Children's Theater, very good, by the way) and it screwed with our sense of time.  (Our kids were out of school for three weeks instead of two and, for that first week were bouncing off the walls... we realized a week too late that the day care center was, in fact, open.  We just assumed they would be closed when the school district was closed.  Oops.)  Dawn and I both worked a bit more over the holidays than we might have otherwise, because of the weather and needing to have someone in the office.  I worked overnight twice, which really messes with your internal clock.

We actually got the cards home a few days before Christmas, if I remember correctly.  Then they got lost in the paper trap that we call a desk.  They remained there, forgotten, until the first week of January.  When we decided to take a look at the list of people to send to, it only took an extra hour of looking before I found the cards again and less than two hours after that we had them all addressed, stuffed and stamped.  Whew!

Then they sat in the car for two weeks...

Christmas 2008

Christmas in 2008 was weird.  The snow here in Portland was so out of the ordinary that we didn't have things happen quite the way we expected them to.  A few presents that we intended to get were left out (I never got back to the store after I decided what I was going to get Dawn... and it's not like I left it until the last minute!).  Also, we ended up getting packages out to family late, and things sent to us arrived late as well.

Here are some pictures of Christmas Day.

In fact, we ended up having a "second" Christmas this year, on New Year's Eve.  It was good timing, actually, as we had gotten the package from my mom a couple days previously and, about a half hour after we opened those things, the package from my brother arrived.

Oh, and one more note: One of Bryana's presents came with a promotional DVD of space came.  Between that and the space helmut, Bryana has now decided that she wants to go to space camp earlier than she had wanted to before... so that may be only a year or two out as an adventure for her.