When you enable session affinity, your load balancer directs all requests from a particular end user to a specific origin server. This continuity preserves information about the user session — such as items in their shopping cart — that might otherwise be lost if requests were spread out among multiple servers.
Session affinity can also help reduce network requests, leading to savings for customers with usage-based billing.
Session affinity specifies the type of session affinity the load balancer should use unless specified as
On the first request to a proxied load balancer, a cookie is generated, encoding information of which origin the request will be forwarded to. Subsequent requests, by the same client to the same load balancer, will be sent to the origin server the cookie encodes for the duration of the cookie and as long as the origin server remains healthy. If the cookie has expired or the origin server is unhealthy, a new origin server is calculated and used.
How does it work?
Session affinity automatically directs requests from the same client to the same origin web server:
- When a client makes its first request, Cloudflare sets a
cflibcookie on the client (to track the associated origin web server).
- Subsequent requests by the same client are forwarded to that origin for the duration of the cookie and as long as the origin server remains healthy.
- If the cookie expires or the origin server becomes unhealthy, Cloudflare sets a new cookie tracking the new failover origin.
All cookie-based sessions default to 23 hours unless you set a custom session Time to live (TTL).
This behaves similar to
cookie except the initial origin selection is stable and based on the client’s IP address.
On the first request to a proxied load balancer, a session key based on the configured HTTP headers is generated, encoding the request headers used for storing in the load balancer session state which origin the request will be forwarded to. Subsequent requests to the load balancer with the same headers will be sent to the same origin server, for the duration of the session and as long as the origin server remains healthy. If the session has been idle for the duration of session affinity TTL seconds or the origin server is unhealthy, then a new origin server is calculated and used.
Control how headers are used
By default, at least one of the HTTP headers that you configure for session affinity by HTTP header must be present on requests sent to your load balancer in order for header-based sessions to be created. If a client adds or removes HTTP headers on their requests and they have already established a session, a new session will be created based on the new HTTP headers found in subsequent requests as long as they are specified in your configuration.
If you would like to require all of your configured HTTP headers to be present on requests in order for sessions to be created, then set
true via the Cloudflare API or toggle
Require all headers to
enabled in the Cloudflare dashboard when editing your load balancer.
Enabling Session Affinity from the Cloudflare dashboard
If you enable Session Affinity, choose one of the following options:
- By Cloudflare cookie only: Sets a
cflibcookie to track the associated origin web server.
- By Cloudflare cookie and Client IP fallback: Sets a
cflibcookie, but also uses the client IP address when no session affinity cookie is provided.
- By HTTP header.
Enabling Session Affinity via the Cloudflare API
Session affinity is a property of load balancers, which you can set with the following endpoints:
Customize the behavior of session affinity by using the
To enable session affinity by HTTP header, set the
session_affinity value to
header and add your
HTTP header names to
Zero-Downtime Failover automatically sends traffic to origin servers within a pool during transient network issues. This helps reduce errors shown to your users when issues occur in between active health monitors.
You can enable one of three options:
- None: No failover will take place and errors may show to your users.
- Temporary: Traffic will be sent to other origin(s) until the originally pinned origin is available.
- Sticky: The session affinity cookie is updated and subsequent requests are sent to the new origin moving forward as needed.