We have two servers for load balancing. Sometimes we get an invalid session after successful login into our application and the user session is expired even though the session timeout is configured as 30 minutes. We are not sure whether the authentication is happening in one of the servers and subsequent request goes to another server. This is appears to be random and does not happen to all users.
Noticed invalid session happening only in the selected network. Our application is accessed in 21 different stores across India. Out of which 7 stores has this problem, even all stores using Airtel network. Our application working fine in my office network and airtel data card. But facing weird problem on connecting using Jio network in my laptop. How this happening in the Jio network alone?
Language: Java
Framework: Spring
Server: Jboss 7.1.1
As you said, the problem is most likely because the session is created on one server, but some of the subsequent requests are going to another server that does not have the correct attributes for the session, and hence it thinks the user is not signed in.
You either need to configure sticky session in your load balancer so that all requests for a given session always redirect to one of the two server where the session exists (and sticks to it). In other words, once user1's session gets created on serverA, all subsequent requests stick to it for that session. Likewise, user2's session may or may not end up on the same server or serverB. Sticky session (or session affinity) cam be achieved with configuration only and without code changes.
Alternatively, you can persist the session in an external data source and share it between the two servers without needing sticky session. Spring Session framework provides a very convenient way to achieve session persistent using many external data sources. Session persistent requires code (well, Spring config) changes, so they are a bit more intrusive than using sticky session, but it serves better for load balancing, scalability and availability of your services.
Here are some references that should help you decide or at least learn more:
https://touk.pl/blog/2016/03/22/haproxy-sticky-sessions-for-soap-payloads/
http://docs.spring.io/spring-session/docs/current/reference/html5/