[LON-CAPA-admin] cookie invalid

Stuart Raeburn raeburn at msu.edu
Tue Oct 7 10:31:56 EDT 2014


Hi Hon-Kie,

> I am trying to verify that this bug has been fixed with 2.11 but I notice
> at least one instance where the lonbalancer is not hosting the session.

The code included with 2.11.0 to support the option:
"Session hosted on offload server, after re-authentication" is working  
for both SSO and non-SSO users.

The code included with 2.11.0 to support the option:
"Session hosted on Load Balancer, after re-authentication" was not  
working as intended for either SSO or non-SSO users because the  
session would *not* remain on the load balancer server following  
re-authentication on the load balancer.

> On a related issue, on the fsuK12 domain, there is an option to set SSO
> users but none for non-sso users. All the fsuK12 are non-sso. So is there a
> way to activate the option for non-sso users?

The option to set a non-SSO configuration was only offered for domains  
where the load balancer server was the default domain for that server.

So in your case when you set the option for "Non-SSO users with IP  
mismatch" from the domain configuration for the fsu domain, that would  
also have applied to fsuK12 domain users using the loncapa.fsu.edu  
load balancer (with the URL: https://k12.fsu.edu/)

> ... Does some daemon
> need to be restart or reload if there is a change in configuration?

When a change is made to how client IP address changes are handled  
following migration for a load balancer server, the load-balancing  
configuration cache needs to be expired on any of the domain's servers  
to which the load balancer offloads, which in 2.11.0 means either:

(a) waiting for up to 24 hours,
or
(b) restarting the memcached daemon on any potential offload servers.

Anyway, 2.11.1 will contain updates to support:

(a) Expiration of the cached load-balancing settings on all of the  
potentially affected domain's servers occurs when settings for  
handling client IP address changes are modified.
(b) Setting of options for both SSO and non-SSO users for whom a  
client IP change is detected during session migration from load  
balancer for *all* domains with the same "internet domain" (i.e., not  
just for the load balancer's default domain).
(c) The option: "Session hosted on Load Balancer, after  
re-authentication" is supported.
(d) An additional option is available to set session hosting on a  
specified server (following re-authentication on that server), when  
client IP change is detected during session migration from load  
balancer.
(e) An entry will be logged in /home/httpd/perl/logs/lonnet.log when a  
client IP change is detected during session migration from a load  
balancer server.

See: http://bugs.loncapa.org/show_bug.cgi?id=6675#c4


Stuart Raeburn
LON-CAPA Academic Consortium


Quoting "H. K. Ng" <hkng at fsu.edu>:

> Hi,
>
> I am trying to verify that this bug has been fixed with 2.11 but I notice
> at least one instance where the lonbalancer is not hosting the session.
> This is what I have set the configuration (as dc) -> Set domain
> configuration/Dedicated Load Balancer(s)/SSO users from fsu. with IP
> mismatch set to session hosted by load balancer, after re-authentication
> (same setting for non-sso users). However, I got a message from a student
> who claimed that he cannot access his course and checking the logs, it
> appears, the session is not hosted by the load balancer. Does some daemon
> need to be restart or reload if there is a change in configuration?
>
> On a related issue, on the fsuK12 domain, there is an option to set SSO
> users but none for non-sso users. All the fsuK12 are non-sso. So is there a
> way to activate the option for non-sso users?
>
> Thanks,
> -hk
>
>
>
>
> On Sat, Sep 21, 2013 at 1:05 PM, Stuart Raeburn <raeburn at msu.edu> wrote:
>
>> Hi,
>>
>>  Is it possible to have the lonbalancer hosts the session if different IP
>>> address is detected? The reason is so that I don't have add another server
>>> with SSO.
>>>
>>
>> Yes. That sounds like a reasonable option.
>>
>> I have included that as an additional option for incorporation in the
>> changes to address bug 6675; see -- http://bugs.loncapa.org/show_
>> bug.cgi?id=6675
>>
>>
>> Stuart Raeburn
>> LON-CAPA Academic Consortium



More information about the LON-CAPA-admin mailing list