FusionAuth in a cluster and separate user sessions for each node
-
Hello
My setup consists of 3 virtual machines running database, FusionAuth & elasticsearch in a clusters plus a load balancer:
- vm1: PostgreSQL DB (shared)
- vm2: FusionAuth node1 + Elasticsearch node 1
- vm3: FusionAuth node2 + Elasticsearch node 2
- LoadBalancer
The problem is that every few requests I'm logged out of the FA management panel. It seems to happen when the load balancer directs the request to the FusionAuth node different than the one used for the previous requests. I can see that JSESSIONID cookie gets changed when I'm logged out. Turns out FusionAuth instances are not sharing the user session, is this correct?
The quick fix is to make the load balancer use "sticky sessions" but I wonder if this is the correct way to resolve this. Maybe I have something wrong with the FA configuration?
-
Answering to myself, as I've found the information regarding this issue in the docs. Seems "sticky sessions" is the way to go.
https://fusionauth.io/docs/v1/tech/installation-guide/server-layout
"In this scenario FusionAuth should be placed behind a load balancer to utilize both services equally. Session pinning should be utilized to support stateful sessions to FusionAuth"
-
Yup, sticky sessions is the answer! Glad you were able to sort this out.
-
Note that as of 1.19.0, session pinning/sticky sessions are no longer required. More details here.
