Sticky sessions on load balancers with HTTP and HTTPS

load-balancing sticky-sessions
5,604

Solution 1

Loadbalancers can identify sessions with cookies, parameters in the url, etc. If you use https on your loadbalancer, the loadbalancer has to do all the SSL handling itself, so it can have a look into the session.

So, yes, you need a loadbalancer which terminates the SSL to the client, so it can access the session data. (no Linux Virtual Server or HAProxy for you then)

Solution 2

Generally sticky is the default for HTTPS and non-sticky is the default for HTTP.

For HTTP you need to enable sticky sessions if part of the session state data is held locally on the server side (either only in RAM or only on local storage). For example, once a connection is authenticated to server A, it needs to continue being routed to server A because server B will require reauthentication.

If subsequent requests will succeed regardless of which server they are routed to then you should not be using sticky.

Non-sticky, if your application supports it, is usually preferred.

Share:
5,604

Related videos on Youtube

jwbensley
Author by

jwbensley

Senior network engineer / architect Programmer Hobbyist hardware hacker/tinkerer

Updated on September 18, 2022

Comments

  • jwbensley
    jwbensley over 1 year

    How does sticky sessions relate to HTTP and HTTPS;

    If I place a load balancer in front of some web app servers that run a front end that supports HTTPS, will the sessions remain "sticky" on a typical load balancer that lists "stick sessions" as one of it's supported features?

    I understand that question is partly open ended; To clarify, would I require a load balancer that supports sticky HTTPS session specifical or is "sticky sessions" a principal that functions agnostic of the HTTP payload, be it encrypted or not?

    Thank you.

  • Hrvoje Špoljar
    Hrvoje Špoljar over 11 years
    HAProxy supports both native SSL termination or you can use another software like NGiNX to terminate SSL and proxy through HTTP back to HAProxy. Sticky can be achieved directly with HAProxy sticky-table or emulated with inserting cookies.
  • BigSack
    BigSack almost 11 years
    @HrvojeŠpoljar , right :)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Pfsense: Inbound Load Balancing https with sticky connection
does bigIP support sticky session
What IP does nginx use for ip_hash sticky sessions?
Nginx ip_hash does not load-balance connections to meteor backend
Sticky sessions with Nginx proxy
What is the downside to sticky sessions with load balancers?
Do HTTP reverse proxies typically enable HTTP Keep-Alive on the client side of the proxied connection and not on the server side?
Load Balancing and Clustering using mod_proxy_ajp on Apache HTTP Server 2.2.21 and Tomcat 7.0.23
Load balancer and session management
Redirect users to the nearest server based on their location without changing url