Sticky connections bind a user’s connections though the ELB to a specific target for the duration of the connection. All connections from the user for the session will always be directed to the same backend target. Some applications maintain state information at the server level such as checkout carts or other session tracking data. If the ELB were to direct a user’s connection to different servers during a session, that information could be lost. Sticky, or, as it is often called, session affinity, allows for connection persistence to the target for the duration of the session. Cookie support must be enabled to ensure the client can be identified and directed to the current connection on a specific target. Cookies can be either ELB or application generated.
Application load balancers allow for cookies that are duration based or application based. When configuring a target group, combinations of duration, application based, and no stickiness are supported. ELB-generated cookies are locally encrypted with a rotating key, and you are not allowed to decrypt them or to modify the AWS load balancer–generated cookies.
Stickiness using a duration-based configuration directs requests to a specific target, or server, in a target group for the duration of the session using a load balancer–generated cookie. The cookie is used to map the client connection to the same target server. The session duration time value is defined in the target group. When a request is first received from the client, the ELB uses its configured connection algorithm (such as round-robin) to make the initial connection to the target server. The ELB also generates a cookie named AWSALB that contains information about the target. This cookie is encrypted by AWS and sent to the client in the HTTP response. This cookie manages the sticky connection and has an expiration date of 7 days, which cannot be changed. If the target should fail during the session, a new target is selected, and the cookie is updated and sent to the client. When cross-origin resource sharing (CORS) is used in combination with sticky sessions, a second cookie is generated called AWSALBCORS that contains the same information as the original except for the different domain name.
Stickiness based on applications is also supported on the AWS application load balancer. As with other sticky types, when a request is first received from the client, the ELB uses its configured connection algorithm (such as round-robin) to make the initial connection to the target server. Then a server-based cookie is used to maintain client to target affinity. Note that this cookie is not generated by the application load balancer. However, the load balancer will then take the application-received cookie and automatically create a new application cookie that is AWS encrypted. Both the application cookie and the load balancer cookies are sent to the client for the session. All following requests will use both cookies, with the load balancer using its generated cookie, and the application references the cookie it created for the session.
Most browsers support cookie sizes of up to 4Kb. If the cookies are larger than this, the ELB will fragment them into shards and reference the shard number in the cookie such as AWSALBAPP-0 and then AWSALBAPP-1, incrementing to the size of the cookies in 4Kb blocks.