I have an issue with sticky sessions, currently we’re using a cookie set by the AX on http-request, the issue I have (it’s a webshop) is that upon checkout, the store switches from http to https and thus we get a new cookie and there’s a high probability that the shopping cart is lost due to server switch.
Though I don’t see how it would work, what makes it so that the AX knows what server to keep track of with that http-response cookie? (We already use JSESSIONID for other stuff).
Another solution I thought of is to somehow create the https-cookie upon the first http-request.
Any ideas/thoughts?
Thomas: Yes, they are at the same virtual server. I’m not following you, we have 1 template for the cookie where match type server is set. Where do I find match type service?
Mischa: Not using aflex, it’s a cookie persistance template at the moment, though I linked to that aflex as I think it’s a possible solution, but I want to understand how it works, because to my eyes all that script does is to check if there is a cookie and then save the info, I don’t see any connection between that info and which server to send the client to.
The way it works is as follows.
On the incoming client request a server is selected based on the load balancing method you have specified. One the server is selected a cookie is inserted, to the client only, which contains a hash of the destination server. Any subsequent request will be send to this server as long as the cookie is present.
The different match types will tell us for which requests we would use the same server. When the match type is port we will only forward requests to the specific port to which the template is applied. Which can mean that request via port 80 and port 443 will end up at different serves. By using match-type server you can prevent this.
The cookie template will need to look something like: slb template persist cookie tp-cookie-persist match-type server
Without an expire the cookie will be removed as soon as the browser closes.
This template needs to be applied to both ports, 80 and 443.
We have it set up like that, at least in the gui, I will see if it differs in cli.
My guess is that we have either done something wrong in the server group/virtual server or there’s a bug in the gui showing us wrong information (match type server set, but not effective).
So we performed the update and we see no different results. I suspect misconfiguration.
Could you go through how it should be set up or point me to a resource with instructions? Because what I have available today is not entirely logical or correct it seems.
I might not be able to supply the running config, I can check. But I can describe the setup:
2 service groups, app:80 and app:443, 1 virtual server pointing port 80 and 443 to respective service group. 2 virtual service, 80 and 443, both have the same cookie persist template.
Most of the settings are default.
Ah… that explains it. You are not using the same service-group for both port 80 and 443.
Where are you terminating the SSL session? On the AX or the Server?
No idea if you can PM me through this forum, but you can drop me an email on mpeters [at] a10networks [dot] com