Configuring HAProxy for Stick Sessions


I have installed Pound (for SSL off-load) and HAproxy on Debian 6 Squeeze. I am trying to understand the HAProxy documentation to set up sticky sessions as this load balancer will go in front of a web app.

I have also had a look around Server Fault for others' configuring HAProxy for sticky sessions; The obvious way I have seen all over the Internet is something like this under a backend statement;

balance roundrobin
stick store-request src 
stick-table type ip size 200k expire 2m
server web1 check
server web2 check

The other less common method I have seen is to use the option appsession, as doucmented here.

Which should I be using, or both? And why?

Thank you.

Best Answer

it depends on what is best for your application. if your web app uses cookies to do session tracking, then appsession is a good way of doing it. however, if your site uses SSL/TLS and the encryption is on the backend, then haproxy can't read the cookies and you have to use IP. since you're offloading the SSL with pound (assuming it's in front of haproxy) then this shouldn't be a problem for you.

alternatively, if you session state is stored entirely in the cookie or in storage shared between you backend servers (i.e., your database) then you don't need stickiness at all.

probably the reason you don't see appsession used as much in examples is that it's slightly more work then IP stickiness and not always worth the effort, especially since almost everything these days stores session state in shared storage.