What is Session Stickiness | Pros and Cons of Using … – Imperva
What is a sticky session
Session stickiness, a. k. a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i. e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage.
With sticky sessions, a load balancer assigns an identifying attribute to a user, typically by issuing a cookie or by tracking their IP details. Then, according to the tracking ID, a load balancer can start routing all of the requests of this user to a specific server for the duration of the session.
This can prove very helpful, as HTTP/S is a stateless protocol that was not devised with session persistence in mind. Nevertheless, many web applications do have the need to serve personalized user data (e. g., keep logs of items in a shopping cart or chat conversations) over the course of a session.
Without session persistence, the web application would have to maintain this information across multiple servers, which can prove inefficient—especially for large networks.
Session stickiness: Advantages and disadvantages
Session stickiness offers a number of benefits that can improve your web application’s performance, including:
Minimized data exchange – When using sticky sessions, servers within your network don’t need to exchange session data, a costly process when done on scale.
RAM cache utilization – Sticky sessions allow for more effective utilization of your application’s RAM cache, resulting in better responsiveness.
That said, sticky sessions also make it more difficult to keep servers in balance. A server can become overloaded if it accumulates too many sessions, or if specific sticky sessions require a high number of resources. This could result in your load balancer having to shift a client to a different server mid-session, resulting in data loss.
Persistence using session cookies
There are two types of cookie-based session persistence: duration-based and application-controlled.
Duration-based session persistence
Your load balancer issues a cookie that defines a specific timeframe for session stickiness. Each time the load balancer receives a client request, it checks whether this cookie is present.
After the specified duration elapses and the cookie expires, the session is not sticky anymore.
Application-controlled session persistence
Your application generates a cookie that determines the duration of session stickiness. The load balancer still issues its own session cookie on top of it, but it now follows the lifetime of the application cookie.
This makes sticky sessions more efficient, ensuring that users are never routed to a server after their local session cookie has already expired. However, it’s more complex to implement because it requires additional integration between the load balancer and the application.
Sticky sessions management with Imperva load balancing
Session stickiness provides an efficient, accurate way to maintain session information between a visitor and server in a load balancing setup, and can help reduce network workload.
Imperva Incapsula session stickiness configurations.
Imperva’s load balancer solution allows you to activate session stickiness with a single click of your mouse. Once enabled, a dedicated session cookie in your users’ browsers ensures that they’ll each be served by a dedicated server.
Our LBaaS (load balancer-as-a-service) provides an effective solution for organizations hosting multiple servers with a single data center and those operating multiple data centers in different geo-locations. The service offers a high degree of customization, allowing you the choice of different distribution algorithms and IP/geo based rules to assist with performance and compliance.
What does the term sticky session mean and how is it achieved?
JBoss Enterprise Application Platform
What does the term sticky session mean and how is it achieved?
Sticky session refers to the feature of many commercial load balancing solutions for web-farms to route the requests for a particular session to the same physical machine that serviced the first request for that session. This is mainly used to ensure that a in-proc session is not lost as a result of requests for a session being routed to different servers. Since requests for a user are always routed to the same machine that first served the request for that session, sticky sessions can cause uneven load distribution across servers.
Sticky sessions is most commonly maintained by the session’s jvmRoute (used my mod_jk, mod_cluster, and mod_proxy_cluster). When JBoss creates a session, it creates it in the format “id. jvmRoute”. The jvmRoute serves as an identifier for that node so all subsequent requests for a session are stickied and sent straight to the node indicated by the jvmRoute in the session cookie. If the request fails over from one JBoss node to another, then JBoss will update the client’s session cookie so that their session’s jvmRoute matches the new node they failed over to.
Other third party load balancers may maintain sticky sessions instead by remember the client ip address and which backend server that client was sent to originally.
Red Hat JBoss Enterprise Application Platform
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Sticky Sessions: Good or Bad? – Stack Overflow
If a single request is sent to load balanced set of servers only one of the servers should get the request, typically allocated via round robin. If you are issuing a single request and it hits both your servers something else is wrong.
Otherwise I will assume that you are issuing 2 rapid request and they hit both of your load balanced servers (as round robin would), that your transaction does not complete before the second request hits the server and that you believe sticky sessions would solve this issue.
A sticky session would send all requests in this session to the same server. In your example both requests would now hit the same server and if you did nothing else, the transaction for the first request would not have been committed before the second request started, so you would get the same result i. e sticky sessions alone would not help.
If the transaction were something like placing an order then you could craft your code so that upon successful commit the contents of the cart were deleted.
The first request to complete would delete the cart, the second request would fail and you could message the user that the order had already been placed.
Sticky sessions can make it more complicated to have high availability and scalability. For the former, consider the case where one server goes down – all sessions on that server will also go down and you will have to write code to fail them over to the other server.
For the latter case, assuming your sessions last some interval e. g. 1/2 hour, if you have a N new users come to the site they will initially be evenly divided between both of your servers. If before 1/2 hour all of the users from server 1 leave and another M users come in, then you will have more load on server 2 which has original N/2 user plus new M/2 users while serer 1 only has M/2 users i. e you will have wasted capacity and will need to code to fix.
There are times when sticky sessions may be useful, but unless you have a good reason to use them I would avoid them
Frequently Asked Questions about what is sticky session
Why do we need sticky session?
This is mainly used to ensure that a in-proc session is not lost as a result of requests for a session being routed to different servers. Since requests for a user are always routed to the same machine that first served the request for that session, sticky sessions can cause uneven load distribution across servers.May 8, 2018
Is sticky session good or bad?
Sticky sessions can make it more complicated to have high availability and scalability. For the former, consider the case where one server goes down – all sessions on that server will also go down and you will have to write code to fail them over to the other server.Nov 21, 2011
What means sticky session?
Session Persistence (sometimes called sticky sessions) involves directing a user’s requests to one application or backend web server for the duration of a “session.” The session is the time it takes a user to complete a transaction or task that might include multiple requests.