Session stickiness required in multi node HA deployment #37

Open
sharma-manish opened this issue Sep 13, 2021 · 3 comments
Labels
question Further information is requested

Comments

@sharma-manish

The OIDC plugin requires session stickiness to be enabled in case of a highly available deployment topology. This is an anti-pattern. Can something be done to remove this dependency?

Browsers typically send requests for multiple resources for a site in parallel. In a multi-node deployment with a round-robin load-balancing algorithm, the login process can potentially get triggered for multiple requests.

@tippexs tippexs added the question Further information is requested label Sep 21, 2021
@tippexs
Contributor

tippexs commented Sep 21, 2021

Hi sharma-manish - thanks for reaching out.

Why do you think it requires session stickiness? The key-value store used should be in sync with all cluster nodes. So, given that, it doesn't matter on which instance your request will be processed. Does this make sense?

For more information about cluster state sync, see the following link:
https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/

@sharma-manish
Author

sharma-manish commented Sep 21, 2021

Let's assume you have a 5-node cluster spread across different data centres for HA and DR. The key-value store can be "synced" across cluster nodes, but it is going to have some latency.
Let's say your web page embeds various widgets which execute several REST calls to the backend, AND your backend is configured for "round robin" load balancing, so the first 5 REST calls will potentially land on different Nginx nodes. And since browsers typically send several requests in parallel, you might see the login process being triggered for some of the requests.

We have tried running our application without session stickiness and observed these issues. We were then told to enable session stickiness to work around this.
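The timing problem described in the comment above can be reproduced with a small model. This is an added example, not code from the project or from either participant. It assumes that the node which completed the login sees the session entry immediately, that every other node sees it only after a fixed replication delay, and that a node which cannot find the session starts a new login; all node counts, delays and request times are constructed.

```python
# Added illustration: models the timing described in the comment above.
# All node counts, delays and request times are constructed values.
from itertools import cycle


def dispatch(request_times_ms, sync_delay_ms, sticky=False):
    """Return (time, node, outcome) for each request sent after login.

    Node 0 completed the OIDC login at t=0 and wrote the session entry to its
    key-value store; node i only sees that entry at t >= sync_delay_ms[i].
    Assumption: a node that cannot find the session starts a new login.
    """
    nodes = list(range(len(sync_delay_ms)))
    # Round robin continues with the node after the one that handled login.
    round_robin = cycle(nodes[1:] + [0])
    results = []
    for t in request_times_ms:
        node = 0 if sticky else next(round_robin)
        seen = t >= sync_delay_ms[node]
        results.append((t, node, "served" if seen else "login-triggered"))
    return results


def relogins(results):
    """Count requests that hit a node which had not yet received the session."""
    return sum(1 for _, _, outcome in results if outcome == "login-triggered")


# Five nodes: node 0 handled login, 1-2 share its data centre, 3-4 are remote.
SYNC_DELAY_MS = [0, 5, 5, 60, 60]
# Widgets on one page firing REST calls almost at once after login completes.
BURST_MS = [1, 2, 3, 4, 6]
# The same calls issued after replication has caught up everywhere.
LATE_MS = [100, 101, 102, 103, 104]

if __name__ == "__main__":
    cases = [("round robin, burst", BURST_MS, False),
             ("round robin, late", LATE_MS, False),
             ("sticky, burst", BURST_MS, True)]
    for label, times, sticky in cases:
        res = dispatch(times, SYNC_DELAY_MS, sticky)
        print(f"{label}: {relogins(res)} of {len(res)} trigger login")
        for t, node, outcome in res:
            print(f"  t={t}ms node={node} {outcome}")
```

In this model the re-login count depends only on whether a request reaches a node before that node's replication delay has elapsed, which is why stickiness hides the problem without removing the delay.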

@tippexs
Contributor

tippexs commented Nov 1, 2021

I understand your point. So the request would be to be able to turn the opaque cookie on and off. So the access_token will be sent as a cookie instead of the opaque session reference?
