AWSALB and AWSALBCORS are 3rd party cookies in web


Our services are called from the websites of our customers.

We use ALB to balance and forward requests to the final targets.

Some of our services require session stickiness. AWSALB* cookies are created in our own domain, so they are considered 3rd party cookies (which they are, in fact). However, this is huge a problem, since we cannot serve clients with 3rd party cookies blocked in their browsers.

How can we handle this?

Is there a way to keep session stickiness without those cookies?

Thanks in advance.

asked 2 years ago6232 views
1 Answer
Accepted Answer

As you know, ALB supports stickiness with cookie and the cookie could be either ALB generated or Web App generated. If it's not possible to use non of these cookie in your environment, you can think of using NLB instead of ALB. NLB is not for application load balancer and is working at layer 4. But NLB can distribute HTTP traffic and you can use stickiness with source ip address. The other thing you should consider is that Health Check of NLB is not application layer but tcp layer so NLB can't check the health of target group at application layer. If you're OK with source IP stickiness and health check method of NLB is OK to use, you can try to use NLB.

profile pictureAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions