Elastic Load Balancing
Developer Guide
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Configure Sticky Sessions for Your Load Balancer

By default, a load balancer routes each request independently to the registered instance with the smallest load. However, you can use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user's session to a specific instance. This ensures that all requests from the user during the session are sent to the same instance.

The key to managing sticky sessions is to determine how long your load balancer should consistently route the user's request to the same instance. If your application has its own session cookie, then you can configure Elastic Load Balancing so that the session cookie follows the duration specified by the application's session cookie. If your application does not have its own session cookie, then you can configure Elastic Load Balancing to create a session cookie by specifying your own stickiness duration.

Elastic Load Balancing creates a cookie, named AWSELB, that is used to map the session to the instance.

Requirements

  • An HTTP/HTTPS load balancer.

  • At least one healthy instance in each Availability Zone.

Compatibility

  • The RFC for the path property of a cookie allows underscores. However, Elastic Load Balancing URI encodes underscore characters as %5F because some browsers, such as Internet Explorer 7, expect underscores to be URI encoded as %5F. Because of the potential to impact browsers that are currently working, Elastic Load Balancing continues to URI encode underscore characters. For example, if the cookie has the property path=/my_path, Elastic Load Balancing changes this property in the forwarded request to path=/my%5Fpath.

Duration-Based Session Stickiness

The load balancer uses a special cookie to track the instance for each request to each listener. When the load balancer receives a request, it first checks to see if this cookie is present in the request. If so, the request is sent to the instance specified in the cookie. If there is no cookie, the load balancer chooses an instance based on the existing load balancing algorithm. A cookie is inserted into the response for binding subsequent requests from the same user to that instance. The stickiness policy configuration defines a cookie expiration, which establishes the duration of validity for each cookie. The cookie is automatically updated after its duration expires.

If an instance fails or becomes unhealthy, the load balancer stops routing request to that instance, and chooses a new instance based on the existing load balancing algorithm. The request is routed to the new instance as if there is no cookie and the session is no longer sticky.

If a client switches to a different listener, stickiness is lost.

To enable duration-based sticky sessions for a load balancer using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under LOAD BALANCING, click Load Balancers.

  3. Select your load balancer.

  4. In the Description tab, find Port Configuration, and then click (Edit), which is next to the port.

  5. In the Edit stickiness dialog box, click Enable Load Balancer Generated Cookie Stickiness.

  6. In Expiration Period, enter the cookie expiration period, in seconds.

  7. Click Save.

To enable duration-based sticky sessions for a load balancer using the AWS CLI

  1. Use the following create-lb-cookie-stickiness-policy command to create a load balancer-generated cookie stickiness policy with a cookie expiration period of 60 seconds:

    aws elb create-lb-cookie-stickiness-policy --load-balancer-name my-loadbalancer --policy-name my-duration-cookie-policy --cookie-expiration-period 60
  2. Use the following set-load-balancer-policies-of-listener command to enable session stickiness for the specified load balancer:

    aws elb set-load-balancer-policies-of-listener --load-balancer-name my-loadbalancer --load-balancer-port 443 --policy-names my-duration-cookie-policy my-ProxyProtocol-policy

    Note

    The set-load-balancer-policies-of-listener command replaces the current set of policies associated with the specified load balancer port. Every time you use this command to enable the policies, use the --policy-names option to list all policies that you want to enable for the port.

  3. (Optional) Use the following describe-load-balancers command to verify that the policy is enabled:

    aws elb describe-load-balancers --load-balancer-name my-loadbalancer

    The response includes the following information, which shows that the policy is enabled for the listener on the specified port:

    {
        "LoadBalancerDescriptions": [
            {
                ...
                "ListenerDescriptions": [
                    {
                        "Listener": {
                            "InstancePort": 443, 
                            "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/my-server-certificate", 
                            "LoadBalancerPort": 443, 
                            "Protocol": "HTTPS", 
                            "InstanceProtocol": "HTTPS"
                        }, 
                        "PolicyNames": [
                            "my-duration-cookie-policy", 
                            "ELBSecurityPolicy-2015-05"
                        ]
                    },
                    ...
                ],            
                ...
                "Policies": {
                    "LBCookieStickinessPolicies": [
                     {
                            "PolicyName": "my-duration-cookie-policy", 
                            "CookieExpirationPeriod": 60
                        }
    
                    ], 
                    "AppCookieStickinessPolicies": [], 
                    "OtherPolicies": [
                        "ELBSecurityPolicy-2015-05"
                    ]
                },
                ...
            }
        ]
    }

Application-Controlled Session Stickiness

The load balancer uses a special cookie to associate the session with the instance that handled the initial request, but follows the lifetime of the application cookie specified in the policy configuration. The load balancer only inserts a new stickiness cookie if the application response includes a new application cookie. The load balancer stickiness cookie does not update with each request. If the application cookie is explicitly removed or expires, the session stops being sticky until a new application cookie is issued.

If an instance fails or becomes unhealthy, the load balancer stops routing request to that instance, instead chooses a new healthy instance based on the existing load balancing algorithm. The load balancer treats the session as now "stuck" to the new healthy instance, and continues routing requests to that instance even if the failed instance comes back.

To enable application-controlled session stickiness using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under LOAD BALANCING, click Load Balancers.

  3. Select your load balancer.

  4. In the Description tab, find Port Configuration, and then click (Edit), which is next to the port.

  5. In the Edit stickiness dialog box, click Enable Application Generated Cookie Stickiness.

  6. In Cookie Name, enter the name of your application cookie.

  7. Click Save.

To enable application-controlled session stickiness using the AWS CLI

  1. Use the following create-app-cookie-stickiness-policy command to create an application-generated cookie stickiness policy:

    aws elb create-app-cookie-stickiness-policy --load-balancer-name my-loadbalancer --policy-name my-app-cookie-policy --cookie-name my-app-cookie
  2. Use the following set-load-balancer-policies-of-listener command to enable session stickiness for a load balancer:

    aws elb set-load-balancer-policies-of-listener --load-balancer-name my-loadbalancer --load-balancer-port 443 --policy-names my-app-cookie-policy

    Note

    The set-load-balancer-policies-of-listener command replaces the current set of policies associated with the specified load balancer port. Every time you use this command to enable the policies, use the --policy-names option to list all the policies you want to enable for the port.

  3. (Optional) Use the following describe-load-balancers command to verify that the sticky policy is enabled:

    aws elb describe-load-balancers --load-balancer-name my-loadbalancer
  4. The response includes the following information, which shows that the policy is enabled for the listener on the specified port:

    {
        "LoadBalancerDescriptions": [
            {
                ...
                "ListenerDescriptions": [
                    {
                        "Listener": {
                            "InstancePort": 443, 
                            "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/my-server-certificate", 
                            "LoadBalancerPort": 443, 
                            "Protocol": "HTTPS", 
                            "InstanceProtocol": "HTTPS"
                        }, 
                        "PolicyNames": [
                            "my-app-cookie-policy",  
                            "ELBSecurityPolicy-2015-05"
                        ]
                    }, 
                    {
                        "Listener": {
                            "InstancePort": 80, 
                            "LoadBalancerPort": 80, 
                            "Protocol": "TCP", 
                            "InstanceProtocol": "TCP"
                        }, 
                        "PolicyNames": []
                    }
                ],
                ...
                "Policies": {
                    "LBCookieStickinessPolicies": [], 
                    "AppCookieStickinessPolicies": [
                    {
                            "PolicyName": "my-app-cookie-policy", 
                            "CookieName": "my-app-cookie"
                        }
    
                    ], 
                    "OtherPolicies": [
                        "ELBSecurityPolicy-2015-05" 
                    ]
                }, 
                ...
            }
        ]
    }