ALB sticky sessions utilize cookies in order to determine the target that should handle subsequent requests , while CloudFront does not forward cookies in the origin request unless specified in either the cache policy or origin request policy. The cookies that CloudFront needs to forward will depend on whether the ALB is using duration-based cookies, application-based cookies, or both.
If the value of these cookies affects the cached content that is returned to the viewer, then you will want to ensure that each cookie name is added to your cache policy, so that the cookie and its value are part of the cache key . If the value of these cookies does not affect the cached content that's returned to the viewer, then you could consider adding in these cookies in the origin request policy, or using the Managed-AllViewer origin request policy on your media cache behavior to forward the cookies to your origin .
If stickiness is not working even when the AWSALB cookie has been added to your cache policy, it may be that additional cookies are being utilized for stickiness that aren't being included in the cache policy or origin request policy, such as the AWSALBCORS cookie for CORS requests or "AWSALBAPP-" cookies if application-based stickiness is being used. To ensure all AWSALB-related cookies are included, you can add "AWSALB*" to your policy. You can also use your browser's developer tools or a HAR capture to identify other cookies that are being set on the client , and then add in the necessary cookies to your policies.
- asked 6 months ago
- AWS OFFICIALUpdated 5 years ago
- AWS OFFICIALUpdated 2 years ago
- How do I attach backend instances with private IP addresses to my internet-facing load balancer in ELB?AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 7 months ago
- EXPERTpublished 5 months ago
Thank you for the detailed answer. AWSALB* value doesn't affect the content and adding them to cache key doesn't make much sense to me because those values are constantly changing As origin request policy we are using Managed-AllViewer, though in case of "cache hit" there is no origin request, as I understand. Still we can see AWSALB changing on requests served from cache.