Load Balancing And Sessions

I will eventually be needing to do load balancing on a large scale WebApplication.
I’m just want to make sure that this wont cause issues with sessions.
If a user opens a session can I be sure that all calls to the controls are going to make it the proper server that knows about its session?
I’m okay with them opening a new tab/window and it going to a different server but I’m curious if this would happen(?)

Any other “gotchas” or things to be worried about?

There’s a cookie set called sessionid on the client side which can be used by load balancers to make sure that browsers always connect to the same instance.

Is this something Xojo sets and handles automatically? I was just going to set up a Round Robin DNS through our GoDaddy account. I know there’s better load balancing out there but this seemed easiest.

We can’t do anything automatically because every load balancer is different. You must use something that supports and HTTP cookie mechanism. For instance, Rackspace has an advanced setting described thusly:

Is there more information about load balancing and Xojo?

We could sure use a comprehensive blog post, PDF or webinar to cover the growth path for a Xojo-drive web app.

I think it’s standing in the way of people adopting Xojo whole heartedly for web app development.

No matter how much demoing & prototyping you do, the remaining question is always “but how does it scale? what do we do to manage growth? what’s going to break first?”

You mean Xojo hosted ?

I think the right guys to comment on scaling etc are Greg & Travis
Travis did that session at XDC
You should have been there (maybe next year ?)

There was a very interesting discussion a while ago

Where using different instances and a dispatcher app was discussed. Seemed both elegant and easy.

There was also a discussion https://forum.xojo.com/12264-have-people-tested-the-xojo-web-s-performance
where a member reported having tested an app up to 500 concurrent users.

[quote=123812:@Norman Palardy]You mean Xojo hosted ?

No, self-hosted.

[quote=123812:@Norman Palardy]I think the right guys to comment on scaling etc are Greg & Travis
Travis did that session at XDC
You should have been there (maybe next year ?)[/quote]

Yeah, woulda if I coulda… hoping for next year. In the (rather long) meantime, searching for what I can find

[quote=123799:@Steve Upton]Is there more information about load balancing and Xojo?
We could sure use a comprehensive blog post, PDF or webinar to cover the growth path for a Xojo-drive web app.[/quote]

I wrote this post a while back on load balancing and server configuration. It has some links to xojo forum posts as well. I did experiments with both nginx and haproxy and in the end I found that haproxy was the better choice for me. The blog post only covers nginx. I never updated it with the haproxy config information because I didn’t feel there was much interest. I now think it is easier to handle the routing using cookie injection with haproxy.

Check out the post and feel free to comment or contact me.
I can also write an update post about haproxy if you have interest. It is pretty straightforward to set up and works extremely well.

Brock - I have only encountered two issues in load balancing (this is regarding stand-alone apps):

  1. maintaining session
    This is the most obvious. You need to use some method to keep requests from the client routing to the same instance of the app in the load balancing pool. Using nginx I found the easiest way as IP hashing. But if you have a client behind NAT (like a network of users in the same office) they all can look like they are coming from the same IP - which defeats the load balancing. So I switched to haproxy which allows very easy cookie injection. I found it best to create a separate cookie just for routing with the load balancer and inject it into the header. It works perfectly and seamlessly.

  2. keeping connections open
    The load balancer may not keep connections open between specific instances of the app and the end user at the same time-out values as the app itself. This can also cause the session to terminate (You get the “application went offline” message). You have to play around with the values to keep things working.

With the two above issues addressed I have not run into any other issues so far. My web apps are written clients in-house use, so the NAT/IP address issue was a deal-breaker for me with nginx. That got me to try haproxy. But once I tried it, I was hooked.

Hope this helps.

Thank you very much @John Joyce !
Haproxy definitely seems the way to go. I’ll start doing some research into what all need to do to set it up and how I need to configure my web session cookies. If you have any time to write a blog post for Haproxy or provide any other tips/details on configuration and set-up I’m sure there’s more people than just me that would appreciate it :slight_smile:

I second that


OK - I have written an updated post with my Haproxy configuration. Take a look and let me know if you have any questions. I can always add to it or make another post if necessary.

Please let me know what you think http://john-joyce.com/xojo-and-load-balancing-with-haproxy/


Here is a super simple little app so you can see the Load Balancing in action (to some degree).


This app just generates images and loads them every second on a timer. It shows you how many sessions are connected to that app-instance, where they are coming from, and more importantly the load on all of the different instances (there are 6). If you quit your browser and restart you should see that you are directed to a new server, or alternately if you open two different browsers you can also see it (like safari & chrome) Look for App.Port to see which instance you are connected to on the back-end.

Who wants to help me test it out? Check it out and let me know your thoughts.

John, it seems the server isn’t responding :slight_smile:

Works now. Cool :slight_smile:

Sorry - firewall was still blocking, try again now please - thanks!

I have a wildcard SSL certificate and my front end needs to be setup dynamically. Do you know how this would work?
Essentially we board several new customers a week. They each get their own URL:

Secondly, I’m curious if I can set up the SSL certificate on Haproxy and then have Haproxy pass the requests unsecured to the Xojo apps within my VPN. Would this work?

In your app you can check the Session Headers http://documentation.xojo.com/index.php/WebSession.Header for the host parameter and then write your logic to handle it however you want. You end up with one app that responds to all hosts directed at it in whatever way you decide.

Yes. You can set up ssl termination on Haproxy pretty simply by adding something like the following to your front-end config

bind *:443 ssl crt /path/to/cert.pem. The requests between Haproxy and the backend Xojo apps are NOT encrypted but the connections to the user ARE encrypted.