Configure sticky sessions for your Classic Load Balancer
By default, a Classic Load Balancer routes each request independently to the registered instance with the smallest load. However, you can use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user's session to a specific instance. This ensures that all requests from the user during the session are sent to the same instance.
The key to managing sticky sessions is to determine how long your load balancer should consistently route the user's request to the same instance. If your application has its own session cookie, then you can configure Elastic Load Balancing so that the session cookie follows the duration specified by the application's session cookie. If your application does not have its own session cookie, then you can configure Elastic Load Balancing to create a session cookie by specifying your own stickiness duration.
Elastic Load Balancing creates a cookie, named AWSELB, that is used to map the session to the instance.
Requirements
-
An HTTP/HTTPS load balancer.
-
At least one healthy instance in each Availability Zone.
Compatibility
-
The RFC for the path property of a cookie allows underscores. However, Elastic Load Balancing URI encodes underscore characters as
%5F
because some browsers, such as Internet Explorer 7, expect underscores to be URI encoded as%5F
. Because of the potential to impact browsers that are currently working, Elastic Load Balancing continues to URI encode underscore characters. For example, if the cookie has the propertypath=/my_path
, Elastic Load Balancing changes this property in the forwarded request topath=/my%5Fpath
. -
You can't set the
secure
flag orHttpOnly
flag on your duration-based session stickiness cookies. However, these cookies contain no sensitive data. Note that if you set thesecure
flag orHttpOnly
flag on an application-controlled session stickiness cookie, it is also set on the AWSELB cookie. -
If you have a trailing semicolon in the
Set-Cookie
field of an application cookie, the load balancer ignores the cookie.
Duration-based session stickiness
The load balancer uses a special cookie, AWSELB, to track the instance for each request to each listener. When the load balancer receives a request, it first checks to see if this cookie is present in the request. If so, the request is sent to the instance specified in the cookie. If there is no cookie, the load balancer chooses an instance based on the existing load balancing algorithm. A cookie is inserted into the response for binding subsequent requests from the same user to that instance. The stickiness policy configuration defines a cookie expiration, which establishes the duration of validity for each cookie. The load balancer does not refresh the expiry time of the cookie and does not check whether the cookie is expired before using it. After a cookie expires, the session is no longer sticky. The client should remove the cookie from its cookie store upon expiry.
With CORS (cross-origin resource sharing) requests, some browsers require
SameSite=None; Secure
to enable stickiness. In this case, Elastic Load Balancing
creates a second stickiness cookie, AWSELBCORS, which includes the same information
as the original stickiness cookie plus this SameSite
attribute. Clients
receive both cookies.
If an instance fails or becomes unhealthy, the load balancer stops routing requests to that instance, and chooses a new healthy instance based on the existing load balancing algorithm. The request is routed to the new instance as if there is no cookie and the session is no longer sticky.
If a client switches to a listener with a different backend port, stickiness is lost.
To enable duration-based sticky sessions for a load balancer using the console
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
On the navigation pane, under Load Balancing, choose Load Balancers.
-
Choose the name of the load balancer to open its detail page.
-
On the Listeners tab, choose Manage listeners.
-
On the Manage listeners page, locate the listener to be updated and choose Edit under Cookie stickiness.
-
On the Edit cookie stickiness setting pop-up, select Generated by load balancer.
-
(Optional) For Expiration period, type the cookie expiration period, in seconds. If you do not specify an expiration period, the sticky session lasts for the duration of the browser session.
-
Choose Save changes to close the pop-up window.
-
Choose Save changes to return to the load balancer details page.
To enable duration-based sticky sessions for a load balancer using the AWS CLI
-
Use the following create-lb-cookie-stickiness-policy command to create a load balancer-generated cookie stickiness policy with a cookie expiration period of 60 seconds:
aws elb create-lb-cookie-stickiness-policy --load-balancer-name
my-loadbalancer
--policy-namemy-duration-cookie-policy
--cookie-expiration-period 60 -
Use the following set-load-balancer-policies-of-listener command to enable session stickiness for the specified load balancer:
aws elb set-load-balancer-policies-of-listener --load-balancer-name
my-loadbalancer
--load-balancer-port443
--policy-namesmy-duration-cookie-policy
Note
The
set-load-balancer-policies-of-listener
command replaces the current set of policies associated with the specified load balancer port. Every time you use this command, specify the--policy-names
option to list all policies to enable. -
(Optional) Use the following describe-load-balancers command to verify that the policy is enabled:
aws elb describe-load-balancers --load-balancer-name
my-loadbalancer
The response includes the following information, which shows that the policy is enabled for the listener on the specified port:
{ "LoadBalancerDescriptions": [ { ... "ListenerDescriptions": [ { "Listener": { "InstancePort": 443, "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/my-server-certificate", "LoadBalancerPort": 443, "Protocol": "HTTPS", "InstanceProtocol": "HTTPS" }, "PolicyNames": [ "my-duration-cookie-policy", "ELBSecurityPolicy-TLS-1-2-2017-01" ] }, ... ], ... "Policies": { "LBCookieStickinessPolicies": [ { "PolicyName": "my-duration-cookie-policy", "CookieExpirationPeriod": 60 } ], "AppCookieStickinessPolicies": [], "OtherPolicies": [ "ELBSecurityPolicy-TLS-1-2-2017-01" ] }, ... } ] }
Application-controlled session stickiness
The load balancer uses a special cookie to associate the session with the instance that handled the initial request, but follows the lifetime of the application cookie specified in the policy configuration. The load balancer only inserts a new stickiness cookie if the application response includes a new application cookie. The load balancer stickiness cookie does not update with each request. If the application cookie is explicitly removed or expires, the session stops being sticky until a new application cookie is issued.
The following attributes set by back-end instances are sent to clients in the
cookie: path
, port
, domain
,
secure
, httponly
, discard
,
max-age
, expires
, version
,
comment
, commenturl
, and samesite
.
If an instance fails or becomes unhealthy, the load balancer stops routing requests to that instance, and chooses a new healthy instance based on the existing load balancing algorithm. The load balancer treats the session as now "stuck" to the new healthy instance, and continues routing requests to that instance even if the failed instance comes back.
To enable application-controlled session stickiness using the console
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
On the navigation pane, under Load Balancing, choose Load Balancers.
-
Choose the name of the load balancer to open its detail page.
-
On the Listeners tab, choose Manage listeners.
-
On the Manage listeners page, locate the listener to be updated and choose Edit under Cookie stickiness.
-
Select Generated by application.
-
For Cookie Name, type the name of your application cookie.
-
Choose Save changes.
To enable application-controlled session stickiness using the AWS CLI
-
Use the following create-app-cookie-stickiness-policy command to create an application-generated cookie stickiness policy:
aws elb create-app-cookie-stickiness-policy --load-balancer-name
my-loadbalancer
--policy-namemy-app-cookie-policy
--cookie-namemy-app-cookie
-
Use the following set-load-balancer-policies-of-listener command to enable session stickiness for a load balancer:
aws elb set-load-balancer-policies-of-listener --load-balancer-name
my-loadbalancer
--load-balancer-port443
--policy-namesmy-app-cookie-policy
Note
The
set-load-balancer-policies-of-listener
command replaces the current set of policies associated with the specified load balancer port. Every time you use this command, specify the--policy-names
option to list all policies to enable. -
(Optional) Use the following describe-load-balancers command to verify that the sticky policy is enabled:
aws elb describe-load-balancers --load-balancer-name
my-loadbalancer
-
The response includes the following information, which shows that the policy is enabled for the listener on the specified port:
{ "LoadBalancerDescriptions": [ { ... "ListenerDescriptions": [ { "Listener": { "InstancePort": 443, "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/my-server-certificate", "LoadBalancerPort": 443, "Protocol": "HTTPS", "InstanceProtocol": "HTTPS" }, "PolicyNames": [ "my-app-cookie-policy", "ELBSecurityPolicy-TLS-1-2-2017-01" ] }, { "Listener": { "InstancePort": 80, "LoadBalancerPort": 80, "Protocol": "TCP", "InstanceProtocol": "TCP" }, "PolicyNames": [] } ], ... "Policies": { "LBCookieStickinessPolicies": [], "AppCookieStickinessPolicies": [ { "PolicyName": "my-app-cookie-policy", "CookieName": "my-app-cookie" } ], "OtherPolicies": [ "ELBSecurityPolicy-TLS-1-2-2017-01" ] }, ... } ] }