- 最新
- 投票最多
- 评论最多
Hi there,
ALB sticky sessions utilize cookies in order to determine the target that should handle subsequent requests [1], while CloudFront does not forward cookies in the origin request unless specified in either the cache policy or origin request policy. The cookies that CloudFront needs to forward will depend on whether the ALB is using duration-based cookies, application-based cookies, or both.
If the value of these cookies affects the cached content that is returned to the viewer, then you will want to ensure that each cookie name is added to your cache policy, so that the cookie and its value are part of the cache key [2]. If the value of these cookies does not affect the cached content that's returned to the viewer, then you could consider adding in these cookies in the origin request policy, or using the Managed-AllViewer origin request policy on your media cache behavior to forward the cookies to your origin [3].
If stickiness is not working even when the AWSALB cookie has been added to your cache policy, it may be that additional cookies are being utilized for stickiness that aren't being included in the cache policy or origin request policy, such as the AWSALBCORS cookie for CORS requests or "AWSALBAPP-" cookies if application-based stickiness is being used. To ensure all AWSALB-related cookies are included, you can add "AWSALB*" to your policy. You can also use your browser's developer tools or a HAR capture to identify other cookies that are being set on the client [4], and then add in the necessary cookies to your policies.
References
[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html
[2] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html
[3] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html
[4] https://aws.amazon.com/premiumsupport/knowledge-center/support-case-browser-har-file/
Cloudfront caches and serves the Set-Cookie: AWSALB* header. This overwrites newer, valid cookies - breaking stickiness.
Remove the Set-Cookie header in your distribution cache behavior with a response header policy.
In cloudformation:
ResponseHeadersPolicy: Type: AWS::CloudFront::ResponseHeadersPolicy Properties: ResponseHeadersPolicyConfig: Comment: We need to remove AWS* headers from cached assets else these static assets break ALB session stickiness. Name: ResponseHeadersPolicy RemoveHeadersConfig: Items: - Header: "Set-Cookie" Distribution: Type: AWS::CloudFront::Distribution Properties: ... CacheBehaviors: - ... ResponseHeadersPolicyId: !Ref ResponseHeadersPolicy
相关内容
AWS 官方已更新 8 个月前- AWS 官方已更新 2 年前
Thank you for the detailed answer. AWSALB* value doesn't affect the content and adding them to cache key doesn't make much sense to me because those values are constantly changing As origin request policy we are using Managed-AllViewer, though in case of "cache hit" there is no origin request, as I understand. Still we can see AWSALB changing on requests served from cache.