In client-server computing environments, preserving the authenticated client session state in the event of a server failure is an important task. This is especially the case when the client is an application that is acting as an interface for a human user. If the server were to fail during the user's active session, the session would be lost and this would require the user to re-authenticate to a standby server, or another server in the processor farm. This creates a bad user experience, and worse, the potential loss of user session data.
Client session failover is complex to implement, and sometimes the solutions that are designed to provide this fault-tolerant behavior are themselves subject to failure because of their reliance on non fault-tolerant mechanisms. Additionally, session preserving solutions can be overly burdensome on the client, the server, or both devices because of requirements for additional network communications, processing, and storage.
Typically, the current approach taken is for the server to have a dedicated process that is responsible for session management. This session manager process is made redundant and distributed across the network. The context state of each user is persisted in the session manager and is then replicated either in real-time or at intervals to the other session managers. Should a particular session manager server fail, then the other servers will have the user's session state. The problem with this current solution is that it requires an excessive amount of networking calls to replicate each user's session across the redundant session managers, and results in consumption of limited bandwidth. Additionally, this type of solution does not scale well either horizontally across networking nodes, or vertically across geographies.
Another current solution that is often employed for this problem is the use of clustering. Clustering concerns the grouping of several servers that all have the same operating system, relational databases, and applications. This grouping of servers is considered logically as one. The software that manages the cluster is responsible for distributing client requests and keeping the systems synchronized. In the event that a server fails, the other servers in the cluster have the client state information, applications, and relational databases, so that processing can continue as if there was no failure. Although this type of solution is suitable for its intended purpose, this solution is expensive to deploy because of the duplicate hardware and software resources that are required.
Other current session preserving solutions rely on storing the session information on the client and having this information conveyed to the server applications during the normal client/server communications. Since in this scenario, the server is stateless, server failover causing the loss of session information is not an issue. However, this approach does have its disadvantages, since the client now must possess the logic for managing the session information. When the session state is stored on the client, the session state must be transmitted to the server for each request. Often, the server response includes yet another copy of the session state, changed or otherwise. This greatly increases the communication overhead. Additionally, storing all session information on the client requires more complex client processing to address confidentiality and integrity of the session information to insure a secure system.
Thus, the current approaches and/or technologies are limited to particular capabilities and/or suffer from various constraints.