Sticky sessions with application-based cookies - AWS Prescriptive Guidance
Common use casesCode changes from basic.ymlStepsExpected resultsHow it works

Sticky sessions with application-based cookies

When you use an Application Load Balancer with an application-based cookie:

  • The Application Load Balancer uses the target group weight to determine how to balance the incoming traffic between the target groups.

  • By default, the Application Load Balancer uses the round robin method to route requests to the EC2 instances in the destination target group.

  • After traffic has been initially routed to an EC2 instance, the EC2 instance application response should contain a custom application cookie, which is sent back to the client along with an automated Application Load Balancer cookie.

  • Subsequent traffic will stick to the EC2 instance if the client sends back the application cookie and the Application Load Balancer cookie.

  • The application-based cookie expires after non-use for the configured duration.

Template: Use the AWS CloudFormation template stickysessionsapp.yml (included in the sample code .zip file) to try out sticky sessions with application-based cookies.

Common use cases

Use sticky sessions with application-generated cookies when you want additional control in these scenarios:

  • PHP web servers

  • Servers that maintain temporary session data such as logs, shopping carts, or chat conversations

Code changes from basic.yml

The only code change is in the target group configuration. We added a stickiness configuration to the Application Load Balancer and the target group attributes. The application cookie duration is specified, and the target group has application cookie stickiness enabled.

basic.yml stickysessionsapp.yml 
TG1:
   Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
   Properties:
     Name: TG1
     Protocol: HTTP
     Port: 80
     TargetType: instance
     Targets:
       - Id: !Ref Instance1
       - Id: !Ref Instance2
VpcId: !Ref CustomVPC
 
TG1:
  Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
  Properties:
    Name: TG1
    Protocol: HTTP
    Port: 80
    TargetType: instance
    Targets:
      - Id: !Ref Instance1
      - Id: !Ref Instance2
    VpcId: !Ref CustomVPC
    TargetGroupAttributes:
      - Key: stickiness.enabled
        Value: true
      - Key: stickiness.type
        Value: app_cookie
      - Key: stickiness.app_cookie.duration_seconds
        Value: 10
      - Key: stickiness.app_cookie.cookie_name
        Value: TESTCOOKIE

Steps

Notes

  • NAT gateways incur a small cost.

  • Multiple EC2 instances will use up your free tier hours faster than a single EC2 instance.

  1. Deploy the CloudFormation template stickysessionslb.yml in a lab environment.

  2. Wait until the health status of your target group instances changes from initial to healthy.

  3. Navigate to the Application Load Balancer URL in a web browser, using HTTP (TCP/80).

    For example: http://alb-123456789.us-east-1.elb.amazonaws.com/

    The webpage displays one of the following: Instance 1 - TG1, Instance 2 - TG1, Instance 3 - TG2, or Instance 4 - TG2.

  4. Refresh the page multiple times.

Expected results

Note

The CloudFormation template in this example has configured the stickiness to last 10 seconds. Valid stickiness duration configuration is between 1 second and 1 week.

The instance that loads the web page should stay the same, as indicated by the page text.

The stickiness duration doesn't refresh, but is based on the expiration configured in the Application Load Balancer for the application cookie that is generated by the EC2 instance.

Example 1: Wait 5 seconds to refresh the page. The same instance will load and the stickiness will be refreshed for another 10 seconds.

Example 2: Wait longer than 10 seconds to reload the page. The application cookie expires, and you are routed to a different EC2 instance. This new instance generates another application cookie with a 10-second duration.

How it works

  • In this example the EC2 instances have an Apache web server (httpd) installed. The httpd.conf file is configured to return a static Set-Cookie value back to the client (your web browser). The Set-Cookie value is hardcoded to be TESTCOOKIE=<somevalue>.

  • Open your browser's Inspect Element option, choose the Network tab, and then choose the Get method, which loads the page. You will see a Cookies tab.

  • The browser is a client application that is automatically configured to return any subsequent updates to the server with the cookies it receives in the server's Set-Cookie response.

  • When you reload the page, the cookies received in the initial page load are automatically sent back to the Application Load Balancer.

    • If the cookie has expired (that is, 10 seconds have elapsed since you placed the last call), the Application Load Balancer uses new logic to determine which EC2 instance to route traffic to.

    • If the cookie has not expired, the Application Load Balancer routes traffic to the same EC2 instance.