- The client browser may not support cookies, and your load balancer will not be able to identify if a request belongs to a session. This may cause strange behavior for the users who use no cookie based browsers.
- In case one of the machine fails or goes down (even during deployment), the user information (served by that machine) will be lost and there will be no way to recover user session.
- Sticky sessions don’t allow our application to scale correctly. When we bind a server to a specific request, we directly remove the ability to use our other servers’ capacity to fulfill consecutive requests.
- Binding sessions to specific servers can cause security concerns too. What if someone decides to create a session, and then perform a set of very CPU intensive requests on our application? By using sticky sessions, an attacker can perform this operation with half the resources that would be required if we were not using them.
VietMX Staff asked 3 years ago
