1. Field of the Invention
The present invention relates generally to network servers and, more particularly, to techniques for maintaining consistent server-side state among collaborating servers with independent state repositories.
2. Discussion of Related Art
The World Wide Web (WWW or Web) is the aggregate of autonomous, heterogeneous, distributed, collaborative, hypermedia information systems existing on the underlying global computer network known as the Internet. Since 1990 the Web has served as the basis for the construction of a multitude of constituent information systems (“Web sites”), providing countless applications in areas ranging from content publishing to electronic commerce.
Current Web sites are implemented with server computers (“Web servers”) which are accessed over the Internet by client computers (“Web clients”) using the Hypertext Transfer Protocol (HTTP) or its encrypted form (HTTPS). There are many public documents describing various versions, features, and aspects of HTTP. Use of the term “HTTP” herein should be understood to encompass all such versions of HTTP in both its clear and encrypted forms.
A typical interaction between a Web client and a Web server includes several HTTP transactions. For example, when a user of the Web client desires to access a resource on a particular Web site, the user operates Web client software (generally referred to as a “browser”) and indicates a Uniform Resource Locator (URL), which specifies the location of the resource on the Web. From the URL, the browser determines the Internet Protocol address of the Web server for the site and establishes communication with the Web server program at that address. The browser then sends an HTTP request message to the Web server program, containing the URL as well as further metadata and parameters concerning the request.
The Web server program, in turn, resolves the request according to the nature of the resource identified by the URL. This process may be as simple as fetching a static file, or as complicated as executing further application logic to dynamically produce a response. In either case, the resolution (called a “Web page”) is downloaded, along with further metadata regarding the outcome of the transaction, in an HTTP response message from the Web server program to the browser. The browser interprets the HTTP response and typically renders and displays the page to the user.
In most Web sites, such pages are hypermedia (often authored in Hypertext Markup Language, HTML), including embedded URL's referencing other pages. If the user selects such an embedded LRL (a “hyperlink”), a new HTTP request is formulated and the process repeats. In this way, multiple interactions like these may occur over time to constitute a cohesive experience of the Web site by the user. Such a collection of consecutive, experientially cohesive interactions with a Web site is called a “session”.
As is known, the HTTP protocol is inherently “stateless,” which means that an HTTP request contains no information about the outcome of a prior request. Therefore, a Web server communicating with a client computer cannot rely on HTTP for maintaining state over a session (i.e., storing information relating to the user's overall interaction with the server, such that the information can automatically be accessed by the server, as needed when handling subsequent user requests within the same session, without further user intervention). Many Web sites are thus faced with the problem of maintaining such “session state” over HTTP, in order to provide a rich, personalized, seamless user experience. There are numerous techniques known in the art which resolve the problem of session state maintenance between a single Web client and server. These include techniques for storing session state information at the Web client (called “client-side session state”), as well as techniques for storing session state information at the Web server with reference from the Web client (called “server-side session state”).
In client-side session state solutions, when the server program creates session state information in the process of handling an HTTP request, it provides the data to the browser for retention, as part of the HTTP response. The information is provided by the server program in such a manner that the browser will automatically provide it back to the server program in any subsequent HTTP request(s) whose server processing requires the information. In this way, the client “remembers and reminds” the server of the session state information it needs.
Client-side session state solutions are enabled using various techniques known in the art. Perhaps the most popular example is the use of HTTP cookies. Specifically, when the Web server desires to store state data client-side, it includes a named data element (the “cookie”) within the HTTP response for the Web page. This element contains the state data to be retained by the client; it also specifies the scope of the data in terms of its duration, path, and network domain. In turn, the client includes the cookie within each subsequent HTTP request that conforms to that scope, so that the state data can be accessed by the responding server each time from the cookie contained in the request.
Other known techniques for enabling client-side session state include hidden HTML form arguments and URL-embedded arguments (e.g. query strings). With these techniques, the Web page content is created and returned by the server such that certain hyperlinks within it are pre-loaded with the state data the server desires to store, such that the data will be included in the subsequent HTTP request made by the client should the user select the hyperlink. The responding Web server can then obtain the state data from the hidden HTML form argument or URL contained within the request.
Generally, however, the various client-side constructs suffer shortcomings relating to security, size, and/or performance. With regard to security, all of the client-side constructs are open to inspection and modification by nefarious clients, simply due to the fact that the data is exposed to the client for retention and transmission back to the server. With regard to size limitation, most of the client-side constructs are problematic when data to be stored exceeds a few kilobytes. For example, URLs have undefined size limits but in practice many Web clients, servers, and proxies expect them to be no more than one or two kilobytes in size. As another example, it is known that cookies are generally limited to a size of 4K bytes. The number of cookies themselves, and the total size of all cookies retained by a client, have similarly narrow limits. Finally, with regard to performance, the client-side constructs all involve two-way exchange of state information across the Internet, which for large state data especially may entail undesirable delay. These considerations all serve to make client-side session state more suitable for small, non-sensitive state data elements.
As is further known, these shortcomings with client-side session state have made server-side session state solutions attractive to many Web sites. With server-side session state, when the server program creates session state information in the process of handling an HTTP request, it stores the information locally (that is, on the Web server itself or on a companion computer, such as a database server). The information is stored under a unique reference for the particular user's session. This reference (commonly called a “session ID”) is what is then exchanged with the browser, per any of the devices enabling of client-side session state solutions. The session state information itself is stored server-side, typically using such interprocess storage devices as a database, file system, or shared memory. Because these devices are not size-limited to the degree the client-side constructs are, scalability shortcomings are overcome. Furthermore, because the state data is retained local to the Web server (or a nearby database server), security and performance issues are similarly avoided vis-a-vis client-side session state. (Only the session ID is retained client-side in server-side state solutions, and because it is a small and typically authenticated piece of data, the issues with client-side state do not pertain to it.)
While the foregoing discussion addresses session state maintenance, it is further recognized in the art that the same problem characterization and solution techniques pertain to maintenance of persistent state data, when seamless continuity in such data is desired within a session, as well as across a same user's multiple sessions as well. In this regard, persistent state data (like session state data) is merely information relating to a user's overall interaction with a Web server and stored so as to allow for automatic access by the server when processing future requests from the same user. But persistent state data (unlike session state data) is desired to endure beyond the termination of a user's session, into the same user's next session. As is known, this is the only essential difference between maintenance of such persistent state and that of session state. Because this is a difference in merely the time-extent of the desired maintenance, the same problem characterization and solution techniques are known to generally pertain to both, and thus the preceding discussion on session state maintenance can be applied to persistent state maintenance as well.
Furthermore, and on this basis, references in this document to “client-side state” and “server-side state” should be understood as referring generally to session and persistent state, in their client-side and server-side forms (respectively), unless otherwise specified. Likewise references in this document to “state” without further qualification or context should be understood as referring generally to all forms of client-side and server-side session and persistent state.
Turning now from the preceding discussion of Web state maintenance, as the number of users increases, a typical Web site may not be able to handle all users' requests using a single server, but rather has to employ a pool of servers to handle user requests. Servers in such a pool are referred to as “collaborating,” and a simple example is illustrated in FIG. 1A. Specifically, FIG. 1A illustrates a client 110 and a pool of Web servers 120n (where n=A, B, C, . . . ) connected by a computer network 130. In some cases, all of the collaborating Web servers 120n provide the same set of services redundantly (where the redundancy is purely for purposes of accommodating large numbers of users). For example, servers 120n might all provide a company's online product support services. In other cases, however, it is advantageous to offer servers providing different sets of services to the same users. For example, servers 120A and 120B might redundantly provide a company's online product support services, while server 120C might provide the company's online product catalog, and server 120D might provide the company's online product store.
When a pool of collaborating Web servers is used to comprise a Web site, it is often desired that certain session and/or persistent state data be transparently held in common across the servers in the pool, to varying degrees. For example, the state data to be maintained consistently might comprise all of the state data accumulated over the course of a user session by the collaborating Web servers 120n within the pool. But in other cases, just a common subset of the state data might be involved. Indeed, in some of these cases, there might be multiple such subsets, each needing to be shared independently among particular services. To build on the prior example, only servers 120A and 120B (the product support service) and server 120D (the product ordering store) might share product order history data. Only servers 120D and 120C (the online catalog) in turn might share product preference data. And all four servers might share user registration data. Furthermore, depending on how heterogeneous the Web servers and their services are, different data formats might be used internally within each Web server for those state objects which are held in common.
Thus, maintaining one or more state objects consistently across one or more (possibly heterogeneous) Web server collaboration pools becomes necessary to transparently share the appropriate sets of state data among the appropriate Web services. A principle advantage of client-side state is that this requirement generally does not present a problem. With regard to session state, since there is only one client per session (by definition), any of the client-side techniques, which arrange for data to be stored at the client and then automatically transmitted to a Web server as the user navigates, naturally provide for transparent sharing of session state data. And with regard to persistent state, so long as the same client is used across multiple sessions, with a client-side state technique that allows for extension across such multiple sessions (such as HTTP cookies), client-side state naturally provides for transparent sharing of persistent state data, too.
For example, it is known that an HTTP cookie may be set by one particular server 120A in the collaboration pool 120n such that its scope is all servers within the pool. Consequently the cookie will be automatically transmitted within each HTTP request made by the client to another server 120D in the pool, which will then be able to access the data stored by 120A accordingly. As is further known, the duration of this behavior can be specified via the expiration timestamp assigned to the cookie, as appropriate for the nature of the data being shared (session-transient or persistent). Accordingly, session state data may be transported in a cookie which is set to expire at the end of the session (or which expiration is defined to mark the end of the session). And persistent state data may be transported in a cookie set to expire well past the end of the session—if ever.
However, the shortcomings of client-side state, and the resulting widespread employment in the art of server-side state, have been noted above. Yet if state is maintained server-side for a particular duration (whether session or persistent), either the client must always connect to the same server for at least that same duration, or server-side state must somehow be shared among all collaborating servers 120n in the pool. Specifically, even though the session ID component of a server-side state solution, transported in client-side state, is thus inherently shareable across the pool as noted above, the actual state data referenced by the session ID and retained server-side is not, wherein arises the present problem.
As illustrated in FIG. 1B, some prior art collaborating Web servers employing server-side state address the problem by sharing a single server-side state repository 125 amongst themselves (such as a database server used by multiple collaborating Web servers as the joint repository for their common server-side state, whether session or persistent). Since the problem of maintaining consistent server-side state only appears with multiple Web servers which use independent server-side state repositories, this solution approach side-steps the problem by employing a single repository 125. However, the performance of such systems does not scale well across a wide network area, as the size of the state data grows while the collaboration pool becomes geographically dispersed. (Indeed, the performance shortcoming in this case is reminiscent of that of client-side state, discussed previously.) Additionally, using a common server-side state repository 125 introduces a point-of-failure vulnerability, which in order to be addressed leads to complex failover requirements. Certainly an attraction of independent server-side state repositories is their insulation from failures in other repositories, and hence the insulation of each Web server in the pool from failures of other servers in the pool.
Other prior art collaborating Web servers employing server-side state (e.g., collaborating Web server 120A) may share state data by broadcasting any changes in the state data to all other collaborating Web servers (e.g., collaborating Web servers 120B, 120C and 120D), as shown in FIG. 1C. Thus, unlike in FIG. 1B, each Web server continues to maintain its own independent rendition of server-side state; consistency between them is accomplished by “echoing” updates to all when the client performs an action on one that affects its server-side state. While this approach works satisfactorily when the number of collaborating Web servers is small, it becomes increasingly more impractical in terms of performance when the number of collaborating Web servers and/or the amount of state data shared among the collaborating Web servers grows.
Such a broadcast approach also assumes that the user is certain, or at least likely, to navigate across all collaborating Web servers 120n subsequent to the replication broadcast. The system thus proactively undertakes such replication to each collaborating Web server 120n in the expectation the user will soon navigate to each. Since replication of state to any particular collaborating Web server 120D will, by definition, have been unnecessary unless the user does in fact subsequently navigate to that server 120D, the broadcast approach essentially gambles on future user navigation. However, user navigation across the World Wide Web is inherently unpredictable. If a user declines to navigate to a particular collaborating Web server 120D subsequent to the broadcast, whatever work was undertaken by the system to replicate the state data to that server 120D will have been wasted.
As a result, there is a need for an improved system for maintaining consistent server-side state amongst stateful, independent Web servers that overcomes these limitations.