Problem with cookie authentication across load balancer


I am running into a nagging issue. I have 2 servers running the same app across a load balancer.

If I use the IP addresses there is no problem, its when accessing the site via the load balancer that I have problems with.

I have cookie authentication enabled ‘allowAutoLogin’=>true

I have securityManager set with validationKey=‘sameonbothservers’

This is probably something simple but Im not getting it.

How can I be sure that when the user logs in, their session will get passed back and forth between the load balancer… I assume the PHSESSID cookie value will need to be the validated correctly by both servers.

How can I check to see if this is happening.

Yii()::app()->getSecurityManager() shows that my validationkey is set correctly on both sides.

any help is appreciated.

If you’re not already using it, I think you’ll need database backed sessions when running a load balancer and set it to one db server. See CDbHttpSession