Forum Discussion

JQB's avatar
JQB
Icon for Nimbostratus rankNimbostratus
Feb 23, 2018

"Always Send Cookie" problems?

Is there a downside to choosing "Always Send Cookie" in an "HTTP Cookie Insert" persistency profile?

 

I am troubleshooting an issue with Cloudflare and a potential issue with my current F5 settings. The below is specifically called out by CF (re: the F5), but I am not 100% that it correlates to the "Always Send Cookie" setting.

 

Per Cloudflare, via https://support.cloudflare.com/hc/en-us/articles/212794707-General-Best-Practices-for-Load-Balancing-with-Cloudflare;

 

// Session cookies section above Cloudflare article

 

If using HTTP cookies to track and bind user sessions to a specific application server at the load balancer, it is best is to configure the load balancer to parse HTTP requests by cookie headers and directing each request to the correct application server even if HTTP requests share the same TCP connection due to keep-alive.

 

For example: F5 BIG-IP load balancers will set a session cookie (if none exists) at the beginning of a TCP connection and then ignore all cookies passed on subsequent HTTP requests made on the same TCP socket. This tends to break session affinity because Cloudflare will send multiple different HTTP sessions on the same TCP connection. (HTTP cookie-based session affinity).

 

  • Adding a oneconnect profile (I assume you already have an http profile) can help to fix that problem. By using oneconnect the client is not fixed to a backend server by a tcp connection, it will load balance the http requests individually so if in the same tcp session it sees different cookies with different persistence information it will honor that. Have a lookhere: https://support.f5.com/csp/article/K7208