We have two servers for load balancing. Sometimes we get an invalid session after successful login into our application and the user session is expired even though the session timeout is configured as 30 minutes. We are not sure whether the authentication is happening in one of the servers and subsequent request goes to another server. This is appears to be random and does not happen to all users.
Noticed invalid session happening only in the selected network. Our application is accessed in 21 different stores across India. Out of which 7 stores has this problem, even all stores using Airtel network. Our application working fine in my office network and airtel data card. But facing weird problem on connecting using Jio network in my laptop. How this happening in the Jio network alone?
Language: Java
Framework: Spring
Server: Jboss 7.1.1
Session affinity, also known as “sticky sessions”, is the function of the load balancer that directs subsequent requests from each unique session to the same Dgraph in the load balancer pool.
Session stickiness, a.k.a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i.e., the time a specific IP spends on a website).
External HTTP(S) Load Balancing is a proxy-based Layer 7 load balancer that enables you to run and scale your services behind a single external IP address.
If you need to load balance HTTP requests, we recommend you use the Application Load Balancer (ALB). For network/transport protocols (layer4 – TCP, UDP) load balancing, and for extreme performance/low latency applications we recommend using Network Load Balancer.
As you said, the problem is most likely because the session is created on one server, but some of the subsequent requests are going to another server that does not have the correct attributes for the session, and hence it thinks the user is not signed in.
You either need to configure sticky session in your load balancer so that all requests for a given session always redirect to one of the two server where the session exists (and sticks to it). In other words, once user1's session gets created on serverA, all subsequent requests stick to it for that session. Likewise, user2's session may or may not end up on the same server or serverB. Sticky session (or session affinity) cam be achieved with configuration only and without code changes.
Alternatively, you can persist the session in an external data source and share it between the two servers without needing sticky session. Spring Session framework provides a very convenient way to achieve session persistent using many external data sources. Session persistent requires code (well, Spring config) changes, so they are a bit more intrusive than using sticky session, but it serves better for load balancing, scalability and availability of your services.
Here are some references that should help you decide or at least learn more:
http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
https://touk.pl/blog/2016/03/22/haproxy-sticky-sessions-for-soap-payloads/
http://docs.spring.io/spring-session/docs/current/reference/html5/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With