Re: Session stickiness over HTTP and HTTPS

From: Willy Tarreau <>
Date: Tue, 8 Dec 2009 06:42:06 +0100

On Tue, Dec 08, 2009 at 12:56:03AM +0100, Holger Just wrote:
> On 07.12.09 23:19, Anthony Urso wrote:
> > Hi:
> >
> > I am looking for advice on the best way to load-balance HTTP and HTTPS
> > traffic such that once a session is established with either protocol,
> > haproxy continues to send new requests from that session to the same
> > web server.
> >
> > Is this a common use case?
> This indeed pretty common (although, I tend to avoid this for the sake
> of simplicity using cookie-based sessions et al.)
> However, as HTTP is a stateless protocol by definition, which does not
> inherently have the concept of a session, you have to decide for
> yourself (or your app) what exactly a session makes.

Exactly !

When I have to do this, I use stunnel to transform HTTPS into HTTP, and just use the same cookie for both services (most often both protocols point to the same frontend/backend anyway).

Using a source address is generally fine on LANs because PCs don't change their IP often. But it's not practical on the net where you can generally find approximately 5% of your clients who regularly come with a different IP address because of the proxy farms they have to go through.

Willy Received on 2009/12/08 06:42

This archive was generated by hypermail 2.2.0 : 2009/12/08 06:45 CET