Hi Cor,

> Can't you use SSL Session ID to do load balancing? Assuming you force
> SSL on everyone.

I am not exactly sure what you are referring to when speaking of the SSL Session ID, but AFAIU the information would be encrypted (assuming the web server is running SSL) and not available on the proxy. I do force SSL on everyone neither at the moment (but the idea is attractive to prevent dead-broken proxies caching the JS badly and causing grief to my users on upgrade). Furthermore, I am using NGINX to perform the HTTPS encapsulation (which means that the cookie trick works even with SSL).

> It should be possible to use the API. If I look at your patch, you
> can do your set_backend() in the API call login_after.
> You can use login_failed for one of your kill_backend() calls, but
> the other 2 would need an added api hook. I think we might want api
> hooks there anyways, so one can always clean up after a plugin in
> case a user disappears. I think a 'logout' api hook would be very
> welcome.

Thank you for giving me more details about how it could be done. I have a very limited understanding of roundcube internals (only what was necessary to write the patch). You most likely know better than I do what can and cannot be done and if so and you think it is the way forward, feel free to change my code altogether if you feel inclined to. My interest is in not supporting any out-of-tree patches on my installation :)

> I don't think you'd need one in the session loss code. If they lose
> their session they re-login and a new cookie would get set in
> set_backend().

Makes sense.

Thomas
_______________________________________________
List info: http://lists.roundcube.net/dev/
