Login/Register
HTTP Session in Load Balancer
Asked Answered
Solved javaspringjboss7.xhttpsession
A

1

9

We have two servers for load balancing. Sometimes we get an invalid session after successful login into our application and the user session is expired even though the session timeout is configured as 30 minutes. We are not sure whether the authentication is happening in one of the servers and subsequent request goes to another server. This is appears to be random and does not happen to all users.

Noticed invalid session happening only in the selected network. Our application is accessed in 21 different stores across India. Out of which 7 stores has this problem, even all stores using Airtel network. Our application working fine in my office network and airtel data card. But facing weird problem on connecting using Jio network in my laptop. How this happening in the Jio network alone?

Language: Java

Framework: Spring

Server: Jboss 7.1.1
Airdry answered 9/12, 2016 at 11:51 Comment(0)
S
11

As you said, the problem is most likely because the session is created on one server, but some of the subsequent requests are going to another server that does not have the correct attributes for the session, and hence it thinks the user is not signed in.

You either need to configure sticky session in your load balancer so that all requests for a given session always redirect to one of the two server where the session exists (and sticks to it). In other words, once user1's session gets created on serverA, all subsequent requests stick to it for that session. Likewise, user2's session may or may not end up on the same server or serverB. Sticky session (or session affinity) cam be achieved with configuration only and without code changes.

Alternatively, you can persist the session in an external data source and share it between the two servers without needing sticky session. Spring Session framework provides a very convenient way to achieve session persistent using many external data sources. Session persistent requires code (well, Spring config) changes, so they are a bit more intrusive than using sticky session, but it serves better for load balancing, scalability and availability of your services.

Here are some references that should help you decide or at least learn more:

http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/

https://touk.pl/blog/2016/03/22/haproxy-sticky-sessions-for-soap-payloads/

http://docs.spring.io/spring-session/docs/current/reference/html5/

Slap answered 9/12, 2016 at 12:22 Comment(3)
Noticed invalid session happening only in the selected network. Our application is accessed in 21 different stores across India. Out of which 7 stores has this problem, even all stores using Airtel network. Our application working fine in my office network and airtel data card. But facing weird problem on connecting using Jio network in my laptopAirdry
What load balancer are you using? Some load balancers (like NGINX) support (and set as default) session affinity by the client IP address. If that's the case, it's possible that when you connect from your office network, the client IP that the server reads is the same regardless of which workstation you connect from as most office networks use a proxy for the outbound traffic. And hence the server may only see the proxy's IP as the client IP. This will change as soon as you use a different provider. Guessing, but we faced similar problems when connecting from cellular data vs office LAN/WAN.Slap
We use "F5" Load balancer, Sometimes the session become invalid after authentication in Jio network, but works fine in airtel network any idea why its happening? How to resolve this issue, please help.Airdry

© 2022 - 2024 — McMap. All rights reserved.