What is a sticky session
Session stickiness, a.k.a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i.e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage.
With sticky sessions, a load balancer assigns an identifying attribute to a user, typically by issuing a cookie or by tracking their IP details. Then, according to the tracking ID, a load balancer can start routing all of the requests of this user to a specific server for the duration of the session.
This can prove very helpful, as HTTP/S is a stateless protocol that was not devised with session persistence in mind. Nevertheless, many web applications do have the need to serve personalized user data (e.g., keep logs of items in a shopping cart or chat conversations) over the course of a session.
Without session persistence, the web application would have to maintain this information across multiple servers, which can prove inefficient—especially for large networks.
Session stickiness: Advantages and disadvantages
Session stickiness offers a number of benefits that can improve your web application’s performance, including:
- Minimized data exchange – When using sticky sessions, servers within your network don’t need to exchange session data, a costly process when done on scale.
- RAM cache utilization – Sticky sessions allow for more effective utilization of your application’s RAM cache, resulting in better responsiveness.
That said, sticky sessions also make it more difficult to keep servers in balance. A server can become overloaded if it accumulates too many sessions, or if specific sticky sessions require a high number of resources. This could result in your load balancer having to shift a client to a different server mid-session, resulting in data loss.
Persistence using session cookies
There are two types of cookie-based session persistence: duration-based and application-controlled.
Duration-based session persistence
Your load balancer issues a cookie that defines a specific timeframe for session stickiness. Each time the load balancer receives a client request, it checks whether this cookie is present.
After the specified duration elapses and the cookie expires, the session is not sticky anymore.
Application-controlled session persistence
Your application generates a cookie that determines the duration of session stickiness. The load balancer still issues its own session cookie on top of it, but it now follows the lifetime of the application cookie.
This makes sticky sessions more efficient, ensuring that users are never routed to a server after their local session cookie has already expired. However, it’s more complex to implement because it requires additional integration between the load balancer and the application.
Sticky sessions management with Imperva load balancing
Session stickiness provides an efficient, accurate way to maintain session information between a visitor and server in a load balancing setup, and can help reduce network workload.
Imperva’s load balancer solution allows you to activate session stickiness with a single click of your mouse. Once enabled, a dedicated session cookie in your users’ browsers ensures that they’ll each be served by a dedicated server.
Our LBaaS (load balancer-as-a-service) provides an effective solution for organizations hosting multiple servers with a single data center and those operating multiple data centers in different geo-locations. The service offers a high degree of customization, allowing you the choice of different distribution algorithms and IP/geo based rules to assist with performance and compliance.