Sticky session with application cookie on AWS ELB - amazon-web-services

I have an application with multiple EC2 instances behind an ELB. Previously, we enabled sticky session on ELB using AWSELB cookie (AWS generated cookie strategy) and it was working smoothly.
Now, due to some requirement, we have to use application cookie to set up sticky session on ELB.
In the request we are sending this application generated cookie but it is not working.
Can anyone please assist me?

Related

AWS load balancer sticky session cookie security

I have an application which uses an AWS load balancer. The application shows that the AWSALB cookie is not marked with the "secure" attribute. The attached image shows the cookies used in the application, where the AWSALB cookie is marked without the secure attribute.

AWS ALB sticky cookie issue

Recently we switched from AWS ELB to AWS ALB, but we are facing an issue with AWS ALB: cookie stickiness is not working at all; each request (even an AJAX request on the page) generates a new cookie.
If we switch back to AWS ELB again, cookie stickiness works perfectly fine.
AWSALB is a cookie generated by the Application Load Balancer in AWS. It works slightly differently from AWSELB.
The AWSALB cookie is a load balancer generated cookie. Once the load balancer routes your request to one of the servers, it generates a new cookie and sends it to the client in the response header. Though AWSALB works fine when you just send the webapp_session for consecutive requests, it is better to integrate the AWSALB cookie along with the webapp_session and send it for each request to the server. This way, the load balancer will identify your target server and direct your request to the same target in each request call to the server. This preserves the stickiness of the server.
However, if you send AWSALB along with the webapp_session in the request header for each request to the server, even if the target that processed your previous requests gets busy for future requests, the AWSALB generated in each call will help the load balancer identify your credentials and route your request to the new target. I faced a similar situation and this helped me solve the problem.
The "STICKY SESSION" topic at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#sticky-sessions will perhaps give you some idea.
For Application LB you have to set up session stickiness in the target group, not directly in the LB as in Classic LB. Session stickiness doesn't work when your browser blocks AWSALBCORS, AWSALB - this seems to be obvious, but Internet Explorer can block these cookies and doesn't show any warning/info in the console.

AWS Loadbalancer routing request

I am using Amazon AWS EC2 to host my web application. My web application is hosted on 2 web servers with a load balancer to manage traffic.
I am using the CodeIgniter framework.
My problem is that when I try to log in to my application, the load balancer routes my request to the wrong server, and even with the correct login password I am not able to log in to my application, so my session is not started.
Thank you in advance:)
You should be enabling the sticky session feature.
If you are using AWS ELB (Classic Load Balancer), then check out how to configure sticky sessions.

AWS ELB Load Balancer: is it possible to set multiple session cookies?

I am running a Tomcat web application on AWS Elastic Beanstalk using load balancing. I have two cookies for each session: (1) JSESSIONID and (2) XSRF-TOKEN (CSRF token*).
I set the JSESSIONID as the application-controlled session stickiness cookie in the Load Balancer Port Configuration. It works perfectly. But I cannot set the second session cookie, as it is only possible to set ONE sticky cookie in the Load Balancer.
Any idea how I can set multiple cookies for a session in the Elastic Beanstalk Load Balancer?
I appreciate your help as I'm stuck with this big time!
Migan
*On every request to the backend, the backend generates a CSRF-TOKEN and hands it over to the client by setting it as an HTTP response header. The client is required to submit this token on every state-changing request in order to prevent cross-site request forgery.
Problem solved!
The reason I could not see my XSRF_TOKEN cookies was that in the test environment I was using http to access my ElasticBeanstalk environment. Once I generated an SSL certificate and accessed my instance using https, my lovely XSRF_TOKEN cookie appeared again!
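
The cookie attributes raised in the threads above (an AWSALB cookie without "secure", and an XSRF-TOKEN cookie that only showed up over https) can be checked directly from the Set-Cookie response headers. The following is an added example, not code from any of the posts; the sample headers are constructed, and the assumption that the XSRF-TOKEN cookie carried the Secure attribute is mine, since browsers do not store Secure cookies received over plain http.

```python
# Added example (not from the original posts): audit Set-Cookie headers for
# the Secure / HttpOnly / SameSite attributes discussed in the threads above.

# Constructed sample response headers; cookie values are placeholders.
SAMPLE_HEADERS = [
    "AWSALB=PLACEHOLDER; Expires=Tue, 01 Jan 2030 00:00:00 GMT; Path=/",
    "AWSALBCORS=PLACEHOLDER; Path=/; SameSite=None; Secure",
    "JSESSIONID=PLACEHOLDER; Path=/; Secure; HttpOnly",
    "XSRF-TOKEN=PLACEHOLDER; Path=/; Secure",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookies(headers, scheme="https", script_readable=("XSRF-TOKEN",)):
    """Return {cookie name: [issues]} for a response received over `scheme`.

    `script_readable` lists cookies the client code must read (the CSRF token
    is submitted by the client), so a missing HttpOnly is expected for them.
    """
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        secure = "secure" in attrs
        issues = []
        if not secure:
            issues.append("missing Secure: cookie is also sent over plain http")
        if attrs.get("samesite", "").lower() == "none" and not secure:
            issues.append("SameSite=None without Secure: rejected by current browsers")
        if secure and scheme == "http":
            issues.append("Secure cookie set over http: browser will not store it")
        if "httponly" not in attrs and name not in script_readable:
            issues.append("missing HttpOnly: readable from page scripts")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for scheme in ("https", "http"):
        print(scheme, audit_cookies(SAMPLE_HEADERS, scheme))
```
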

setting up stickiness for sharepoint site on F5 load balancer

I have an iPhone app based on SharePoint REST API CRUD operations. To do these operations, I get a fed auth cookie at app launch using a custom login (SharePoint page), and thereafter all interactions are done using REST API calls. The problem we are facing is that we randomly see abrupt session logouts. While researching, we found out that this might be a stickiness-based problem. So, we want to enable stickiness on our F5 load balancer. Now my question is: is stickiness something that is browser dependent? If the requests keep moving via API calls and not through browser requests, which stickiness is recommended?
If your application supports cookies, then you can use cookie persistence. Otherwise, you can use source IP address affinity.