Hi,

> My web servers contain a text file which contains the name of that server.
> Then I put the following line into the web browser https://X.X.X.X/index.txt
> and browse this page; it displays the server name. On one server the file
> index.txt contains the server name etee-live1 and on the other server the
> file contains the server name etee-live2. If affinity works, the browser
> always displays the same server name and then the sticky table must contain
> one entry.
>
> But in my SSL affinity case the web browser displays one server name once
> and on the next refresh the browser displays the other server name. Then I
> look at the sticky table: it displays two entries, but in the SSL affinity
> (SSL sticky session) case there must be one entry.
>
> My sticky table displays:
> echo "show table etlive_https" | socat unix-connect:/var/run/haproxy.stat stdio
> # table: etlive_https, type: binary, size:30720, used:2
> 0x17eddd4: key=7D4CD359DDAB9F3F7F976E7A995045670FFF0118FDDB72773165273BE6DA16FA use=0 exp=1778829 server_id=2
> 0x17ee1d4: key=905273E4AC943682F48106A6BD07777486F8FD60F8B80E4860FE7032F7D69DC2 use=0 exp=1783937 server_id=1

That sounds like your Apache backend server doesn't actually cache the
session.



> If I understood you correctly, you suspect that SSL sessions are changing
> all the time. What software is responsible for changing the SSL session ID -
> browser, Apache web server?!

The Apache backend server (the browsers you mentioned all reuse the SSL
session ID by default).



> The person who configured these Apache servers ensures that these things
> are working

Please double check with that person that the configuration directives
SSLSessionCache [1] and SSLSessionCacheTimeout [2] are properly configured.

It looks like Apache by default does not cache at all. Also you can try
with Vincent's test tool at [3] whether session resumption is actually done
or not.


Regards,

Lukas


[1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache
[2] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncachetimeout
[3] https://github.com/vincentbernat/rfc5077/blob/master/rfc5077-client.c       
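
An added example, not part of the original message or of HAProxy: a small Python parser for the `show table` dump quoted above that counts distinct SSL session ID keys and the servers they are pinned to. It assumes the dump was taken right after testing with a single browser; the function names are hypothetical, and the sample is the quoted dump with e-mail line wrapping left in.

```python
import re

# Sample input: the dump quoted in the message, including its wrapped lines.
SAMPLE = """\
# table: etlive_https, type: binary, size:30720, used:2
0x17eddd4:
key=7D4CD359DDAB9F3F7F976E7A995045670FFF0118FDDB72773165273BE6DA16FA use=0
exp=1778829 server_id=2
0x17ee1d4:
key=905273E4AC943682F48106A6BD07777486F8FD60F8B80E4860FE7032F7D69DC2 use=0
exp=1783937 server_id=1
"""

HEADER_RE = re.compile(r"^# table: (?P<name>[^,]+), type: (?P<type>\w+), "
                       r"size:(?P<size>\d+), used:(?P<used>\d+)")
ENTRY_RE = re.compile(r"^0x[0-9a-f]+:\s+key=(?P<key>\S+)\s+use=(?P<use>\d+)"
                      r"\s+exp=(?P<exp>\d+)\s+server_id=(?P<server_id>\d+)")

def unwrap(text):
    """Join continuation lines (mail-wrapped output) onto the record they belong to."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("#", "0x")) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_show_table(text):
    """Return (header, entries) parsed from 'show table <name>' output."""
    header, entries = None, []
    for line in unwrap(text):
        m = HEADER_RE.match(line)
        if m:
            header = {"name": m["name"], "used": int(m["used"])}
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"key": m["key"], "exp": int(m["exp"]),
                            "server_id": int(m["server_id"])})
    return header, entries

def resumption_verdict(entries, clients_tested=1):
    """Heuristic: more distinct session IDs than test clients means no resumption."""
    sessions = len({e["key"] for e in entries})
    servers = sorted({e["server_id"] for e in entries})
    return {"sessions": sessions, "servers": servers,
            "resumed": sessions <= clients_tested}
```

For the quoted dump, `resumption_verdict(parse_show_table(SAMPLE)[1])` reports two session IDs spread over servers 1 and 2, which is the symptom described in the message.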