OoO During the television news of Monday, November 07, 2011, around 20:16, Mir Islam <mis...@mirislam.com> said:
> Yea that is the problem. Right now SSL is terminated at the
> application level on each server. There is no way to inspect the
> cookie even if the server sets one. Sticky session in TCP mode can be
> done by source IP (that is why I have balance source). But that
> creates the other problem as I mentioned. Folks coming from behind
> NAT will hit the same server and not get load balanced. Because
> HAProxy will think they are all the same. I was trying to find out if
> there is something else that could be done. From my own logical
> reasoning, no. :) but I have been wrong before so I was hoping
> someone had a similar issue.

See this post:
 http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/

While this won't work, in theory, if the client is requesting to use
tickets, almost all clients keep the right session ID even when using
tickets.

You should of course ensure that a client will keep the same session ID
all the time. This means that you need to ensure that your web server is
able to resume a session with and without tickets correctly. For example,
with nginx, you need to configure a session cache.
-- 
Vincent Bernat ☯ http://vincent.bernat.im

Keep it right when you make it faster.
            - The Elements of Programming Style (Kernighan & Plauger)
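
The affinity on SSL session ID discussed in the reply above, as an added example that is not part of the original message or of the linked post: a balancer that never decrypts traffic can still read the session ID from the cleartext hello records and use it as the stickiness key instead of the source IP. All function and class names are hypothetical, and the hello records are constructed for the demonstration.

```python
# Added example: SSL session ID affinity as a TCP-mode balancer could do it.
# All names are hypothetical; the hello records below are constructed.

def hello_session_id(record, want_type):
    """Session ID of a TLS hello record (1=ClientHello, 2=ServerHello), or None."""
    # Offsets: 5-byte record header, 4-byte handshake header, 2-byte version,
    # 32-byte random, so the 1-byte session ID length sits at offset 43.
    if len(record) < 44 or record[0] != 22 or record[5] != want_type:
        return None
    sid_len = record[43]
    if sid_len == 0 or sid_len > 32 or len(record) < 44 + sid_len:
        return None  # empty (new session) or malformed
    return record[44:44 + sid_len]

class SessionAffinity:
    def __init__(self, servers):
        self.servers, self.table, self.turn = list(servers), {}, 0

    def pick(self, client_hello):
        """Known session ID goes back to its server; anything else is round-robin."""
        sid = hello_session_id(client_hello, 1)
        if sid in self.table:
            return self.table[sid]
        server = self.servers[self.turn % len(self.servers)]
        self.turn += 1
        return server

    def learn(self, server, server_hello):
        """Record the session ID the chosen server issued in its ServerHello."""
        sid = hello_session_id(server_hello, 2)
        if sid is not None:
            self.table[sid] = server

def make_hello(msg_type, session_id):
    """Build a minimal constructed hello record (not a complete handshake)."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x00\x2f\x01\x00" if msg_type == 1 else b"\x00\x2f\x00"
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def demo():
    lb = SessionAffinity(["s1", "s2"])
    first = lb.pick(make_hello(1, b""))           # new client A
    lb.learn(first, make_hello(2, b"A" * 32))
    second = lb.pick(make_hello(1, b""))          # new client B, same NAT address
    lb.learn(second, make_hello(2, b"B" * 32))
    resumed = lb.pick(make_hello(1, b"B" * 32))   # B reconnects with its session ID
    return first, second, resumed
```

A client that presents no session ID, the ticket-only case the reply describes as the theoretical failure, falls through to round-robin here, which is why the servers must resume sessions consistently with and without tickets.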