02-06-2012 01:58 AM
Dear all,
Our E-commerce web application (HTTPS) is being loadbalanced by ACE20 and it is important to keep track of the user sessions in the context off user authentication by enabling session persistency (stickyness)
Some of our customers are behind a multi-proxy ISP, hence if they should change from proxy during the same application session,
that would take a re-authentication on our application.
So, we need stickyness, but not based on its IP sources (‘cus off the multi-proxy clients)
Would there be any other option to tackle this issue?
Thank you !
Kind reagards,
Wim
Solved! Go to Solution.
02-06-2012 02:13 AM
Hi Wim,
For this kind of setup, the best approach is using HTTP cookie stickiness, either inserted by the application servers or directly by the ACE.
The only drawback of this method is that, since you are using HTTPS, you will need to configure your ACE to do SSL termination. Without it, it won't be able to look into the HTTP data and read/insert cookies.
The link below contains a configuration example including SSL termination and cookie stickiness. You may find it useful
Regards
Daniel
02-06-2012 02:13 AM
Hi Wim,
For this kind of setup, the best approach is using HTTP cookie stickiness, either inserted by the application servers or directly by the ACE.
The only drawback of this method is that, since you are using HTTPS, you will need to configure your ACE to do SSL termination. Without it, it won't be able to look into the HTTP data and read/insert cookies.
The link below contains a configuration example including SSL termination and cookie stickiness. You may find it useful
Regards
Daniel
02-06-2012 04:41 AM
Daniel,
Thanks for your quick response.
Seems like a fair solution, but I was wondering what the options would be if we're not allowed to do SSL offloading.
Do have any customers or experience dealing with this particular constraint?
Thanks !
Wim
02-06-2012 05:10 AM
Hi Wim,
If you are unable to do SSL termination, your available choices are limited to the L4 sticky methods only. This unforuntely means you can only do either source-ip stickiness or SSL id
Regarding SSL id, you would need to confirm whether you application keeps using the same id after a disconnection (when it possibly changes proxy)
Daniel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide