What is Session Stickiness | Pros and Cons of Using … – Imperva
What is a sticky session
Session stickiness, a. k. a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i. e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage.
With sticky sessions, a load balancer assigns an identifying attribute to a user, typically by issuing a cookie or by tracking their IP details. Then, according to the tracking ID, a load balancer can start routing all of the requests of this user to a specific server for the duration of the session.
This can prove very helpful, as HTTP/S is a stateless protocol that was not devised with session persistence in mind. Nevertheless, many web applications do have the need to serve personalized user data (e. g., keep logs of items in a shopping cart or chat conversations) over the course of a session.
Without session persistence, the web application would have to maintain this information across multiple servers, which can prove inefficient—especially for large networks.
Session stickiness: Advantages and disadvantages
Session stickiness offers a number of benefits that can improve your web application’s performance, including:
Minimized data exchange – When using sticky sessions, servers within your network don’t need to exchange session data, a costly process when done on scale.
RAM cache utilization – Sticky sessions allow for more effective utilization of your application’s RAM cache, resulting in better responsiveness.
That said, sticky sessions also make it more difficult to keep servers in balance. A server can become overloaded if it accumulates too many sessions, or if specific sticky sessions require a high number of resources. This could result in your load balancer having to shift a client to a different server mid-session, resulting in data loss.
Persistence using session cookies
There are two types of cookie-based session persistence: duration-based and application-controlled.
Duration-based session persistence
Your load balancer issues a cookie that defines a specific timeframe for session stickiness. Each time the load balancer receives a client request, it checks whether this cookie is present.
After the specified duration elapses and the cookie expires, the session is not sticky anymore.
Application-controlled session persistence
Your application generates a cookie that determines the duration of session stickiness. The load balancer still issues its own session cookie on top of it, but it now follows the lifetime of the application cookie.
This makes sticky sessions more efficient, ensuring that users are never routed to a server after their local session cookie has already expired. However, it’s more complex to implement because it requires additional integration between the load balancer and the application.
Sticky sessions management with Imperva load balancing
Session stickiness provides an efficient, accurate way to maintain session information between a visitor and server in a load balancing setup, and can help reduce network workload.
Imperva Incapsula session stickiness configurations.
Imperva’s load balancer solution allows you to activate session stickiness with a single click of your mouse. Once enabled, a dedicated session cookie in your users’ browsers ensures that they’ll each be served by a dedicated server.
Our LBaaS (load balancer-as-a-service) provides an effective solution for organizations hosting multiple servers with a single data center and those operating multiple data centers in different geo-locations. The service offers a high degree of customization, allowing you the choice of different distribution algorithms and IP/geo based rules to assist with performance and compliance.
What does the term sticky session mean and how is it achieved?
JBoss Enterprise Application Platform
What does the term sticky session mean and how is it achieved?
Sticky session refers to the feature of many commercial load balancing solutions for web-farms to route the requests for a particular session to the same physical machine that serviced the first request for that session. This is mainly used to ensure that a in-proc session is not lost as a result of requests for a session being routed to different servers. Since requests for a user are always routed to the same machine that first served the request for that session, sticky sessions can cause uneven load distribution across servers.
Sticky sessions is most commonly maintained by the session’s jvmRoute (used my mod_jk, mod_cluster, and mod_proxy_cluster). When JBoss creates a session, it creates it in the format “id. jvmRoute”. The jvmRoute serves as an identifier for that node so all subsequent requests for a session are stickied and sent straight to the node indicated by the jvmRoute in the session cookie. If the request fails over from one JBoss node to another, then JBoss will update the client’s session cookie so that their session’s jvmRoute matches the new node they failed over to.
Other third party load balancers may maintain sticky sessions instead by remember the client ip address and which backend server that client was sent to originally.
Red Hat JBoss Enterprise Application Platform
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
What is the downside to sticky sessions with load balancers?
We have a web farm of IIS7 machines which work great. In front of them is an F5 Big-IP hardware load balancer, also working fine:)
Currently we’re using an State Service to handle our OutProc state. This is required when you have a web farm to maintain any type of session information.
I was wondering if we could have sticky sessions on the F5 Big-IP and therefore change from OutProc back to InProc? If so, what is the downside of this? I know the downside of InProc vs OutProc, so don’t worry about explaining that. I’m more interested in the pros/cons of sticky sessions with out F5 Big-IP.
Can anyone shed some light and/or experience?
Glorfindel1, 1783 gold badges14 silver badges22 bronze badges
asked Jul 27 ’09 at 4:14
There are two main downsides:
Your load isn’t evenly
distributed. Sticky sessions will
stick, hence the name. While
initial requests will be
distributed evenly, you might end up
with a significant number of users
spending more time than others. If
all of these are initially set to a
single server, that server will have
much more load. Typically, this
isn’t really going to have a huge
impact, and can be mitigated by having more servers in your cluster.
Proxies conglomerate users into single IP’s, all of which would get sent to a single server. While that typically does no harm, again other than increasing individual server loads, proxies can also operate in a cluster. A request into your F5 from such a system would not necessarily be sent back to the same server if the request comes out of a different proxy server in their proxy cluster.
AOL was at one point using proxy clusters, and really screwed with load balancers and sticky sessions. Most load balancers will now offer sticky sessions based off of C-Class net ranges, or with the case of F5, cookie based sticky sessions which store the end node in a web request cookie.
While cookie based sessions should works, I’ve had some problems with them, and typically choose IP based sessions. BIG HOWEVER: I’m mostly working on internal apps – DMZ milage might vary.
All that being stated, we’ve had some great success with sites running behing F5 with sticky sessions and In-Proc sessions.
You also might want to take a look at one of the in memory distributed caching systems like Memcached or Velocity for an alternative to session being stored in SQL or the out of proc memory service. You get close to the speed of in-proc memory with the ability to run it across several servers.
answered Jul 27 ’09 at 4:30
In addition to the excellent answer from Christopher, sticky sessions mean that you’ve lost a couple of the huge benefits of redundant servers — the ability to take one or more down for maintenance, and transparency in the face of system failure.
I consider sticky sessions a strong indicator of poor application architecture and/or poor programming. “Avoid at all costs” is my motto.
answered Jul 27 ’09 at 10:15
womble♦womble93. 4k29 gold badges168 silver badges226 bronze badges
Not the answer you’re looking for? Browse other questions tagged iis-7 load-balancing f5-big-ip sticky-sessions or ask your own question.
Frequently Asked Questions about what is a sticky session
What does sticky session mean?
Sticky session refers to the feature of many commercial load balancing solutions for web-farms to route the requests for a particular session to the same physical machine that serviced the first request for that session.May 8, 2018
Why are sticky sessions bad?
There are two main downsides: Your load isn’t evenly distributed. Sticky sessions will stick, hence the name. While initial requests will be distributed evenly, you might end up with a significant number of users spending more time than others.Jul 27, 2009
What are non sticky sessions?
Some situations require that sessions be ‘non-sticky’, which means that client requests are directed to any server in a cluster of application servers rather than returning to the same server with each request for a given client.