DynamoDB를�이용한�PHP와�Django간��

세션�공유

피플펀드컴퍼니��CTO�강대성

발표자�소개�-�강대성�

컴퓨터�전공,�경제학�부전공�

게임회사�3년�-�MMORPG�Server�통신회사�2년�-�인사관리시스템�금융회사�6년�-�해외선물,�FX거래�시스템�

록앤올(김기사)�2년�-�교통정보�분석,�도착�예정시간�예측�피플펀드컴퍼니�2015.9~�-�IT에�관련된�모든�것�

취미�아이스하키�대한아이스하키협회�심판�2007~

Session�이야기�전�Hyper�Text�Transfer�Protocol부터�

Hyper�Text�Transfer�Protocol�하이퍼텍스트�전송�규약�

URL�Example)�http://www.peoplefund.co.kr

HTTP는�요청과�응답이�기본�

1.�Client가�Network�연결요청�2.�Client�Send�:�“GET�/”��3.�Client�Receive�:�서버에서�보내준�응답코드와�데이터�

$ telnet www.peoplefund.co.kr 80 Trying 54.230.249.173... Connected to www.peoplefund.co.kr. Escape character is '^]'. GET / HTTP/1.1 Host:www.peoplefund.co.kr

HTTP/1.1 301 Moved Permanently Content-Type: text/html Content-Length: 185 Connection: keep-alive Cache-control: no-cache="set-cookie" Date: Wed, 12 Oct 2016 09:32:09 GMT Location: https://www.peoplefund.co.kr/ Server: nginx/1.8.0 Set-Cookie: AWSELB=B767911E04A99448F556239B476475AFDB72146E1ABCB8CFD11579EEEDBB3584E589A5BFCD5F4F7BC97980B65 50238C25A98B832279B887AABB51135C6BA6A4573B44E3E;PATH=/ Strict-Transport-Security: max-age=4227 X-Cache: Miss from cloudfront Via: 1.1 83c6b175725bb99d681119f66901f43f.cloudfront.net (CloudFront) X-Amz-Cf-Id: HgqIla-fhj-A1QX_cXxA7844M_CV1bnoUoIoLfUZPp04WawpEdqIMA==

<html> <head><title>301 Moved Permanently</title></head> <body bgcolor="white"> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx/1.10.0</center> </body> </html>

TCP/IP�접속�

HTTP�요청

HTTP�응답

HTTP�

접속,�요청,�응답,�끊음�(무엇인가�또�필요하면)�

접속,�요청,�응답,�끊음�(무엇인가�또�필요하면)�

접속,�요청,�응답,�끊음�

*�keepalive를�사용하면�일정시간�동안�네트웍�끊음을�방지하고�다음�요청을�보낼�수�있음

사용자�인증

HTTP�+�사용자�인증�

접속이�끊고�다시�접속하면��같은�사용자를�어떻게�증명?

Cookie�:�HTTP�Server가�Client에게�요청하는�

�작은�기록�정보�

Server�to�Client�:�“Set-Cookie:User=1024”�Client�to�Server�:�“Cookie:User=1024”

All�Input�is�Evil�(모든�입력은�악랄함)�

평범한�유저�:�“Cookie:User=1024”����악성�유저�:�“Cookie:User=1246”���������������������“Cookie:User=1247”

Cookie�는�사용자�인증에�부적절�

암호화�해도�적절하지�않음

HTTP�Session�

고유한�값을�사용하여�Client를�구분하고,��서버에는�고유한�값과�매칭된�값을�저장�

고유한�값�예제�:�88qtlekagmmap8ir3denn3ogu4

Session�Key를�Cookie�설정�Server�to�Client�:�Set-Cookie

첫요청

첫응답

Client�to�Server�:�CookieSet-Cookie를 받고 난 후 요청

유일한�값을�서버에서�할당,��“88qtlekagmmap8ir3denn3ogu4”�

Client를�구분하는�용도로�사용.

PHP는�기본적으로��Session은�서버에�파일로�저장�

ex)�/var/lib/php5

피플펀드�홈페이지의��2가지�이슈�

첫번째�이슈�PHP로�제작된�서비스

HOW�TO�SAVE�THE�PRINCESS�IN�8�PROGRAMMING�LANGUAGES�

https://toggl.com/programming-princess��

in�PHP?

시스템을�통째로�들어내고�새로�작성한�후�

PHP�~2016.X.09�23:59�Django�2016.X.10�00:00~�

이래도�될까?

시스템을�통째로�바꾸면,�신고식�필요

신규�기능�위주로�Python�Django로�결정

PHP-Django��Session을�공유할�방법을�고민

로그인�연동은�어떻게?�

일단�시작은�가볍게!��PHP와�Django간�연동�

/var/lib/php5�내�session�파일을�이용

import�phpserialize�

with�open("/var/lib/php5/sess_"+session_key,�mode='rb')�as�_fp_session:������_session_contents�=�_fp_session.read()������_session_dict�=�phpserialize.loads(_session_contents)�

해설�:�/var/lib/php5/sess_(session_key)�를�읽어와서�����������로�_session_dict로�집어�넣기

2.�이중화는요?

괄약근이�견디기�힘들어해��급히�화장실에�갔지만…

서버는�지금�죽을�수도�있습니다.

하나가�죽어도�그나마�안심

하나가�죽었을�때�오른쪽�/var/lib/php5�에�저장된�

Session들은�어떻게?

/var/lib/php5�대신��

외부�DB에�저장

다들�Redis�추천!�

왜�DynamoDB를�선택했나?

피플펀드는�스타트업!�사람이�가장�비쌈!�

Redis�해본�사람�1명�있으나�가장�바쁨!�설치하고�다듬고�관리할�시간이�아까움!�

이것�아니어도�할일이�많음

Dynamo�DB

피플펀드에�필요했던�언어�지원�

PHP�-�Session�Handler�Django�-�Boto3

PHP�

use�Aws\DynamoDb\DynamoDbClient;�use�Aws\DynamoDb\SessionHandler;�

$dynamodbclient�=�new�DynamoDbClient([�����'region'��=>�$DYNAMO_REGION,�����'version'�=>�'latest',�����'credentials'�=>�[���������'key'����=>�$DYNAMO_KEY,���������'secret'�=>�$DYNAMO_SECRET,�����],�]);�

$sessionHandler�=�SessionHandler::fromClient($dynamodbclient,�[�����'table_name'�=>�$DYNAMO_TABLE,�����'session_lifetime'�=>�3600,�����'locking_strategy'�=>�'pessimistic'�]);�$sessionHandler->register();

Python�Django�

_awssession�=�boto3.session.Session(�DYNAMODB_ACCESSKEY,�DYNAMODB_SECRETKEY,�region_name=DYNAMODB_REGION)�_dynamodb�=�_awssession.client('dynamodb')�

_res�=�_dynamodb.get_item(�TableName�=�DYNAMODB_TABLE,�Key�=�{�'id':{'S':'PHPSESSID_'+session_key}})�_session_contents�=�_res['Item']['data']['S'].encode(�DEFAULT_ENCODING_PHP_SESSION_FILE�)�_session_expire�=�int(�_res['Item']['expires']['N'].encode(�DEFAULT_ENCODING_PHP_SESSION_FILE)�)�if�_session_expire�<�int(�time.time()�):�����raise�AuthProcessException('SESSION_EXPIRED')�session_dict�=�phpserialize.loads(session_contents)�

평균�0.005�~0.0167초

��최대�0.6초

IAM을�통한�Access�제어�{�����"Version":�"2012-10-17",�����"Statement":�[���������{�������������"Sid":�“Stmt14?????????”,�������������"Effect":�"Allow",�������������"Action":�[�����������������"dynamodb:*"�������������],�������������"Condition":�{�����������������"IpAddress":�{���������������������"aws:SourceIp":�[�������������������������“52.???.???.???/32”,�������������������������"52.???.???.???/32"���������������������]�����������������}�������������},�������������"Resource":�[�����������������“arn:aws:dynamodb:ap-northeast-2:????????????:table/TABLENAME”�������������]���������}�����]�}

간단한 도입과정, 이후엔 자동

복잡한�과정�없이�서버간��Session�공유�완료