Reputation: 1778
Are AWS Elastic Load Balancer sticky sessions necessary with token-based authentication?
If users authenticate with Auth0, get a token, and then send that token on every request, what would be the point of ELB sticky sessions? I'm assuming sticky sessions are not necessary with token-based authentication and that the same user could safely hit difference EC2 instances on each request without any strange behavior. Is that correct?
Upvotes: 1
Views: 288
Answers (1)
Reputation: 7031
Generally speaking, yes. If you aren't saving session state on the application server itself then you can safely hit different servers for each request and not miss a beat.
However, one thing to consider is what happens during application updates?
Let's say you have a website. Then you update that website with a new menu button which directs users to a new page. If you aren't using blue/green deployments, then at some point in the update process you will have two versions of your app running. So imagine the user goes to your website home page which gets directed to version 2.0. The user clicks the newly added button. This request is fielded by a version 1.0 server and now you've got a 404 error because it has no idea about the new page.
You can use sticky sessions not strictly for session state, but for application version consistency during updates.
Upvotes: 1
Related Questions
- Is the most recent AWSALB cookie required? (AWS ELB Application Load Balancer)
- Django user sessions with AWS Load Balancer stickiness turned off
- ELB cross-AZ balancing DNS resolution with Sticky sessions
- Scaling with sticky sessions and websockets
- AWS load balancer just loops back to login page
- Can't get sticky sessions working in AWS?
- AWS Application load balancer with classic load balancer
- AWS API Gateway with external authentication
- Facebook authentication callback to wrong server with AWS ELB elastic load balancer