Persistence and user session - real life settings

Hi,

 

I am not very experienced with web apps so looking for advice how persistence (lets say cookie insert) should be set in relation to user session in application.

 

First off all I wonder if I am getting things right, so here is my understanding of dependencies:

 

User session ID is important to keep track of user related data by given instance off web application (or instances if it's shared somehow) for example to enable shopping cart. This is relevant for given instance of user - application interaction. To preserve server resources some kind of valid period is used (my guessing, wonder how it is in production, browser session or rather some set expiration time is used). Sure most often cookie is used to tie multiple user TCP connections to given app session.

 

Then there is persistence used by LBs to direct new TCP connections (or HTTP request) from user to the same server that served first request. This process do not really care what is relation between user and app session, it only cares to send request to the same server, then app running on the server takes care about user - app session mapping. Again cookies are used for that. This cookies can have different validity setting than app session cookies.

 

If above is correct then I would like to find out how relation between validity for persistence cookies and app cookies and influence on skewing LB results.

 

If for example there is 10 minutes validity period for app session cookie and session validity for persistence cookie it probably can lead to situation when request from the same users are all the time directed to the same server even if completely new app session can be used for this interaction, so I see it like that:

 

1. User did not closed browser, so persistence cookie with Session Cookie enabled is still valid. This is forcing LB to send request to the same server user originally connected (maybe 5 days ago - I am keeping browser open for days for example)
2. App session cookie expired long time ago, let's say 10 minutes idle timeout was used, user transaction was finished. There is no need (I guess so) to direct new request to the same server so LB could be used to send it to another server.

Based on above some servers can be loaded with much more connection than necessary, instead of being load balanced according to chosen algorithm.

 

If all my assumptions are correct what are best practices to achieve best server load keeping of course app functionalists intact. Set persistence cookie expiration to a bit longer period than app session expiration? Keep using Session Cookie because in production there is not real influence of such setting on even server load?

 

Piotr