How does sticky sessions relate to HTTP and HTTPS;
If I place a load balancer in front of some web app servers that run a front end that supports HTTPS, will the sessions remain "sticky" on a typical load balancer that lists "stick sessions" as one of it's supported features?
I understand that question is partly open ended; To clarify, would I require a load balancer that supports sticky HTTPS session specifical or is "sticky sessions" a principal that functions agnostic of the HTTP payload, be it encrypted or not?
Thank you.
Best Answer
Loadbalancers can identify sessions with cookies, parameters in the url, etc. If you use https on your loadbalancer, the loadbalancer has to do all the SSL handling itself, so it can have a look into the session.
So, yes, you need a loadbalancer which terminates the SSL to the client, so it can access the session data. (no Linux Virtual Server or HAProxy for you then)