
HTTP Session in Load Balancer

We have two servers for load balancing. Sometimes we get an invalid session after a successful login into our application, and the user session is expired even though the session timeout is configured as 30 minutes. We are not sure whether the authentication is happening on one of the servers and a subsequent request goes to another server. This appears to be random and does not happen to all users.

We noticed the invalid session happening only on selected networks. Our application is accessed in 21 different stores across India, out of which 7 stores have this problem, even though all stores are using the Airtel network. Our application works fine on my office network and on an Airtel data card, but I am facing a weird problem when connecting over the Jio network on my laptop. How is this happening in the Jio network alone?

Language: Java 

Framework: Spring

Server: Jboss 7.1.1
Premanand K asked Dec 09 '16 11:12




1 Answer

As you said, the problem is most likely because the session is created on one server, but some of the subsequent requests are going to another server that does not have the correct attributes for the session, and hence it thinks the user is not signed in.

You either need to configure sticky sessions in your load balancer so that all requests for a given session always redirect to the one of the two servers where the session exists (and stick to it). In other words, once user1's session gets created on serverA, all subsequent requests stick to it for that session. Likewise, user2's session may or may not end up on the same server or serverB. Sticky sessions (or session affinity) can be achieved with configuration only and without code changes.

Alternatively, you can persist the session in an external data source and share it between the two servers without needing sticky sessions. The Spring Session framework provides a very convenient way to achieve session persistence using many external data sources. Session persistence requires code (well, Spring config) changes, so it is a bit more intrusive than using sticky sessions, but it serves better for load balancing, scalability and availability of your services.

Here are some references that should help you decide or at least learn more:

http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/

https://touk.pl/blog/2016/03/22/haproxy-sticky-sessions-for-soap-payloads/

http://docs.spring.io/spring-session/docs/current/reference/html5/

Bloodysock answered Oct 19 '22 04:10

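
A small simulation of the failure and of the two remedies described in the answer above, added here as an illustration and not part of the original answer or of any load balancer's code. The class names, the `SERVERID` affinity cookie name and the in-memory dictionaries standing in for the servers and the external store are assumptions made for the example.

```python
import itertools
import secrets


class AppServer:
    """One application node; keeps sessions in its own memory unless given a store."""

    def __init__(self, name, store=None):
        self.name = name
        # A dict shared between nodes models an external session store.
        self.sessions = {} if store is None else store

    def login(self, user):
        sid = secrets.token_hex(16)          # session id handed back as a cookie
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)        # None means "invalid session"


class LoadBalancer:
    def __init__(self, servers, sticky=False):
        self.servers = servers
        self.sticky = sticky
        self._round_robin = itertools.cycle(servers)

    def route(self, cookies):
        """Pick a backend; with sticky=True honour the affinity cookie set earlier."""
        if self.sticky and "SERVERID" in cookies:
            return next(s for s in self.servers if s.name == cookies["SERVERID"])
        server = next(self._round_robin)
        if self.sticky:
            cookies["SERVERID"] = server.name  # assumed affinity cookie name
        return server


def simulate(sticky=False, shared_store=False, requests=4):
    """Log in once, send follow-up requests, return how many saw a valid session."""
    store = {} if shared_store else None
    servers = [AppServer("serverA", store), AppServer("serverB", store)]
    lb = LoadBalancer(servers, sticky)
    cookies = {}
    cookies["JSESSIONID"] = lb.route(cookies).login("user1")
    return sum(lb.route(cookies).whoami(cookies["JSESSIONID"]) == "user1"
               for _ in range(requests))
```

With plain round-robin and per-server memory, only the requests that happen to land on the server that handled the login see a valid session; enabling either `sticky` or `shared_store` makes every request succeed.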