FusionAuth in a cluster and separate user sessions for each node

maciej.wisniowski · 7 Jul 2020, 11:31

Hello

My setup consists of 3 virtual machines running database, FusionAuth & elasticsearch in a clusters plus a load balancer:

vm1: PostgreSQL DB (shared)
vm2: FusionAuth node1 + Elasticsearch node 1
vm3: FusionAuth node2 + Elasticsearch node 2
LoadBalancer

The problem is that every few requests I'm logged out of the FA management panel. It seems to happen when the load balancer directs the request to the FusionAuth node different than the one used for the previous requests. I can see that JSESSIONID cookie gets changed when I'm logged out. Turns out FusionAuth instances are not sharing the user session, is this correct?

The quick fix is to make the load balancer use "sticky sessions" but I wonder if this is the correct way to resolve this. Maybe I have something wrong with the FA configuration?

maciej.wisniowski · 7 Jul 2020, 12:09

Answering to myself, as I've found the information regarding this issue in the docs. Seems "sticky sessions" is the way to go.

https://fusionauth.io/docs/v1/tech/installation-guide/server-layout

"In this scenario FusionAuth should be placed behind a load balancer to utilize both services equally. Session pinning should be utilized to support stateful sessions to FusionAuth"

dan · 7 Jul 2020, 14:38

Yup, sticky sessions is the answer! Glad you were able to sort this out.

dan · 30 Dec 2020, 20:00

Note that as of 1.19.0, session pinning/sticky sessions are no longer required. More details here.