HAProxy (Load Balance) - Cookies, Sticky Sessions, and Samesite


This assumes you are already familiar with the basic setup of HAProxy with Cookies and Sticky Sessions. If not, check out my article FreeKB - HAProxy (Load Balance) - Load Balance with Cookies and Sticky Sessions.

Let's say you are load balancing two different domains, foo.com and bar.com. Notice that in this example each backend has cookie sticky insert indirect nocache:

  • cookie sticky means the name of the cookie will be "sticky"
  • insert is used to create the cookie
  • indirect removes the cookie on each incoming request before forwarding the message to the server
  • nocache sets the Cache-Control: private HTTP header so that cache servers between HAProxy and the user won’t cache the response

frontend main
    bind *:80
    bind *:443 ssl crt /etc/pki/tls/my.pem

    acl foo hdr(host) -i www.foo.com
    use_backend foo if foo

    acl bar hdr(host) -i www.bar.com
    use_backend bar if bar

    default_backend foo

backend foo
    # balance and option prefer-last-server are not valid in a frontend section,
    # so they are set in each backend
    balance roundrobin
    option prefer-last-server
    cookie sticky insert indirect nocache
    server server1 10.0.0.1:11111 check cookie server1
    server server2 10.0.0.2:11111 check cookie server2

backend bar
    balance roundrobin
    option prefer-last-server
    cookie sticky insert indirect nocache
    server server1 10.0.0.1:22222 check cookie server1
    server server2 10.0.0.2:22222 check cookie server2

 

For example, perhaps the foo app is a NodeJS Express app that redirects to www.bar.com.

const express = require("express")
const app = express()

app.get('/', (req, res) => {
    res.redirect('https://www.bar.com');
})

app.listen(11111)

 

Or a Flask app that redirects to www.bar.com.

from flask import Blueprint, redirect

views = Blueprint('views', __name__)

@views.route('/foo')
def home():
    return redirect('http://www.bar.com')

 

And when the user requested www.foo.com, perhaps they hit server1.

 

And when the foo app redirected the user to www.bar.com, perhaps they hit server2.

 

This shows that the session is not remaining sticky on server1 or server2 when they get redirected. Why is this?

In this example, foo.com and bar.com are different domains, which means they are NOT samesite. On the other hand, foo.example.com and bar.example.com are samesite because they are both in the example.com domain.

Notice that the cookie is Same-site connections only. So one solution is to get www.foo.com and www.bar.com into the same domain. If that is possible, check out my article FreeKB - Cookies, Sticky Sessions - Cookies, Sticky Sessions, and Domain.
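
The browser-side rule behind this, as an added example that is not part of the original article: a simplified model of how a browser scopes the sticky cookie (RFC 6265 domain matching). It assumes the registrable domain is the last two labels of the host (real browsers use the Public Suffix List), and the Set-Cookie headers and function names are constructed for illustration.

```javascript
// Assumption: registrable domain = last two labels; browsers really use the Public Suffix List.
const registrableDomain = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// "Same-site" in the article's sense: both hosts share a registrable domain.
function isSameSite(hostA, hostB) {
  return registrableDomain(hostA) === registrableDomain(hostB);
}

// RFC 6265 domain-match: the host is the domain itself or a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Parse a Set-Cookie header as the browser sees it. setByHost is the host that
// sent the response; a cookie without a Domain attribute is host-only.
function parseSetCookie(header, setByHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const [name, value] = pair.split("=");
  const cookie = { name, value, domain: setByHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v] = attr.split("=");
    if (k.toLowerCase() === "domain" && v) {
      const d = v.replace(/^\./, "").toLowerCase();
      // A Domain the setting host does not belong to makes the browser drop the cookie.
      if (!domainMatch(setByHost, d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for requestHost?
function cookieSentTo(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed sample headers, modelled on "cookie sticky insert indirect nocache".
const hostOnly = parseSetCookie("sticky=server1; path=/", "www.foo.com");
const shared = parseSetCookie("sticky=server1; domain=.example.com; path=/", "foo.example.com");
console.log(cookieSentTo(hostOnly, "www.bar.com"));   // false: different site, cookie never arrives
console.log(cookieSentTo(shared, "bar.example.com")); // true: same site and a shared Domain
```

Even for same-site hosts such as foo.example.com and bar.example.com, the model only shares the cookie when it carries a Domain attribute covering both hosts.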

 

 



