Session affinity
When you enable session affinity, your load balancer directs all requests from a particular end user to a specific origin server. This continuity preserves information about the user session — such as items in their shopping cart — that might otherwise be lost if requests were spread out among multiple servers.
Session affinity can also help reduce network requests, leading to savings for customers with usage-based billing.
How it works
Session affinity automatically directs requests from the same client to the same origin web server:
- When a client makes its first request, Cloudflare sets a `__cflb` cookie on the client (to track the associated origin web server).
- Subsequent requests by the same client are forwarded to that origin for the duration of the cookie and as long as the origin server remains healthy.
- If the cookie expires or the origin server becomes unhealthy, Cloudflare sets a new cookie tracking the new failover origin.
All cookie-based sessions default to 23 hours unless you set a custom session Time to live (TTL).
The session cookie is marked Secure when Always Use HTTPS is enabled. Additionally, HttpOnly is always enabled for the cookie, so client-side scripts cannot read it, which limits cookie theft through cross-site scripting attacks.
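To check the cookie properties described above from the client side, the following added example (not Cloudflare's code) audits `Set-Cookie` header values for the `__cflb` cookie. The function names and the sample header values are constructed for illustration, and the exact attribute layout of a real `__cflb` cookie is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

DEFAULT_TTL = 23 * 3600  # default session lifetime stated on this page, in seconds

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = header.split(";")
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def lifetime_seconds(attrs, now):
    """Max-Age takes precedence over Expires (RFC 6265); None = no expiry set."""
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None

def audit_cflb(headers, https_enforced, now, expected_ttl=DEFAULT_TTL):
    """Return findings for the __cflb cookie among Set-Cookie header values."""
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name != "__cflb":
            continue
        findings = []
        if "httponly" not in attrs:
            findings.append("missing HttpOnly")
        if https_enforced and "secure" not in attrs:
            findings.append("missing Secure although HTTPS is enforced")
        ttl = lifetime_seconds(attrs, now)
        if ttl is not None and ttl > expected_ttl:
            findings.append(f"lifetime {ttl}s exceeds expected {expected_ttl}s")
        return findings
    return ["no __cflb cookie set"]

# Constructed sample headers (not captured from a real zone).
NOW = datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
GOOD = "__cflb=CONSTRUCTED; Path=/; Max-Age=82800; HttpOnly; Secure"
WEAK = "__cflb=CONSTRUCTED; Path=/; Max-Age=172800"

if __name__ == "__main__":
    print(audit_cflb([GOOD], True, NOW))
    print(audit_cflb([WEAK], True, NOW))
```

Pass `expected_ttl` when the load balancer uses a custom session TTL instead of the 23-hour default.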