Session management is relatively easy for a simple website handled by a single web server. Session information is typically stored in memory or on disk and all is well. What about when you have a large website that’s served by a number of web servers? You could store sessions in memory or on disk in the same manner, but that creates a problem: the session information will not be accessible by the other web servers. Since HTTP is a stateless protocol, it is your responsibility to maintain sessions as HTTP requests are spread among the various web servers.
What about “sticky sessions”? Most hardware load balancers support an option called sticky sessions. Sticky sessions can be enabled to keep all HTTP requests from a given user on the same web server. This avoids some of the session management problems, but it introduces potentially more serious problems. To name a few:
- The distribution of load between web servers can become uneven.
- Scheduled maintenance is more difficult since you cannot simply remove a web server from the load balancer without impacting users.
- High availability is impacted since users will lose their session information if the web server they are “stuck” to crashes. When they are directed to another web server, they might have lost the shopping cart they spent an hour filling. Even worse, they might not go through the effort to refill it!
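
The failure modes described above can be reproduced in a few lines. This is an added example, not code from the original post: a small Python simulation in which the `WebServer` and `LoadBalancer` classes, the `simulate` helper and the session ID `sess-alice` are all hypothetical and constructed for illustration.

```python
import hashlib

class WebServer:
    """A web server that keeps sessions only in its own process memory."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}   # session_id -> cart, visible to this server only
        self.up = True

    def handle(self, session_id, add_item=None):
        # A session created on another server is invisible here, so the
        # user silently starts over with an empty cart.
        cart = self.sessions.setdefault(session_id, [])
        if add_item:
            cart.append(add_item)
        return list(cart)

class LoadBalancer:
    def __init__(self, servers, sticky):
        self.servers, self.sticky, self._next = servers, sticky, 0

    def route(self, session_id):
        live = [s for s in self.servers if s.up]
        if self.sticky:
            # Sticky: the same session ID always maps to the same live server.
            h = int(hashlib.sha256(session_id.encode()).hexdigest(), 16)
            return live[h % len(live)]
        server = live[self._next % len(live)]   # plain round robin
        self._next += 1
        return server

def simulate(sticky, crash_before=None):
    """Add three items to one user's cart; return the cart seen on the last request.

    crash_before is only meaningful with sticky=True: it crashes the server
    holding the session just before that request number.
    """
    lb = LoadBalancer([WebServer("web1"), WebServer("web2")], sticky)
    sid = "sess-alice"   # constructed session ID
    cart = []
    for i, item in enumerate(["book", "lamp", "desk"]):
        if crash_before == i:
            # The server holding the session dies and its memory goes with it.
            victim = lb.route(sid)
            victim.up, victim.sessions = False, {}
        cart = lb.route(sid).handle(sid, item)
    return cart
```

Without sticky sessions the cart is split across two servers' memory; with them it stays whole until the server the user is stuck to crashes, after which only items added on the new server remain.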
How are these problems avoided?
















