WP What is Session Stickiness | Pros and Cons of Using Session Cookies | Imperva

Sticky Session

181.8k views
Network Management

What is a sticky session

Session stickiness, a.k.a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i.e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage.

With sticky sessions, a load balancer assigns an identifying attribute to a user, typically by issuing a cookie or by tracking their IP details. Then, according to the tracking ID, a load balancer can start routing all of the requests of this user to a specific server for the duration of the session.

A load balancer with and without session stickiness

This can prove very helpful, as HTTP/S is a stateless protocol that was not devised with session persistence in mind. Nevertheless, many web applications do have the need to serve personalized user data (e.g., keep logs of items in a shopping cart or chat conversations) over the course of a session.

Without session persistence, the web application would have to maintain this information across multiple servers, which can prove inefficient—especially for large networks.

Session stickiness: Advantages and disadvantages

Session stickiness offers a number of benefits that can improve your web application’s performance, including:

  • Minimized data exchange – When using sticky sessions, servers within your network don’t need to exchange session data, a costly process when done on scale.
  • RAM cache utilization – Sticky sessions allow for more effective utilization of your application’s RAM cache, resulting in better responsiveness.

That said, sticky sessions also make it more difficult to keep servers in balance. A server can become overloaded if it accumulates too many sessions, or if specific sticky sessions require a high number of resources. This could result in your load balancer having to shift a client to a different server mid-session, resulting in data loss.

Persistence using session cookies

There are two types of cookie-based session persistence: duration-based and application-controlled.

Duration-based session persistence

Your load balancer issues a cookie that defines a specific timeframe for session stickiness. Each time the load balancer receives a client request, it checks whether this cookie is present.

After the specified duration elapses and the cookie expires, the session is not sticky anymore.

Application-controlled session persistence

Your application generates a cookie that determines the duration of session stickiness. The load balancer still issues its own session cookie on top of it, but it now follows the lifetime of the application cookie.

This makes sticky sessions more efficient, ensuring that users are never routed to a server after their local session cookie has already expired. However, it’s more complex to implement because it requires additional integration between the load balancer and the application.

See how Imperva Load Balancer can help you with high availability .

Sticky sessions management with Imperva load balancing

Session stickiness provides an efficient, accurate way to maintain session information between a visitor and server in a load balancing setup, and can help reduce network workload.

Session persistence with Imperva's load balancer using a single mouse click

Imperva Incapsula session stickiness configurations.

Imperva’s load balancer solution allows you to activate session stickiness with a single click of your mouse. Once enabled, a dedicated session cookie in your users’ browsers ensures that they’ll each be served by a dedicated server.

Our LBaaS (load balancer-as-a-service) provides an effective solution for organizations hosting multiple servers with a single data center and those operating multiple data centers in different geo-locations. The service offers a high degree of customization, allowing you the choice of different distribution algorithms and IP/geo based rules to assist with performance and compliance.