GEP-1619: Session Persistence via BackendLBPolicy

  • Issue: #1619
  • Status: Provisional

(See status definitions here.)

Graduation Criteria

Implementable

This GEP was accidentally merged as Provisional before the required approval from 2 maintainers had been received. Before this graduates to implementable, we need to get at least one of @robscott or @youngnick to also approve this GEP.

Before this GEP graduates to Implementable, we must fulfill the following criteria:

  1. Should we leave room in this policy to add additional concepts in the future such as Session Affinity? If so, how would we adjust the naming and overall scope of this policy?
    • Answer: Yes. We adjusted the API to use BackendLBPolicy. See API for more details.
  2. Should we leave room for configuring different forms of Session Persistence? If so, what would that look like?
  3. What name appropriately describe the API responsible for configuring load-balancing options for backend traffic?
    • Answer: We decided on BackendLBPolicy since it is aligned with BackendTLSPolicy, describes configuration related to load balancing, and isn’t too long.
  4. Finish designing the Route Rule API and document edge cases in Edge Case Behavior for configuring session persistence on both BackendLBPolicy and route rules.

Standard

Before this GEP graduates to the Standard channel, we must fulfill the following criteria:

  • Sign-off from the GAMMA leads to ensure service mesh gets fully considered.

TLDR

This GEP initially proposes a definitions for session persistence, followed by the definition of an API spec for configuring it. Additionally, it explores example scenarios of session persistence and examines the approaches that implementations have taken to design APIs for session persistence. It intentionally refrains from defining an API for session affinity, as this design is expected to be addressed within a separate GEP.

Goals

  • Define session persistence and session affinity to establish a common language
  • Identify differences in session persistence functionality between implementations
  • Define an API for session persistence
  • Establish anticipated outcomes for specific API configurations or scenarios

Non-Goals

  • Define an API for session affinity
  • Mandate a default session persistence or session affinity functionality for implementations
  • Prescribe the precise manner (the “how”) in which implementations should achieve session persistence or handle specific scenarios
  • Add API configuration for supporting backend initiated sessions

Introduction

Defining Session Persistence

Session persistence is when a client request is directed to the same backend server for the duration of a “session”. It is achieved when a client directly provides information, such as a header, that a proxy uses as a reference to direct traffic to a specific server. Persistence is an exception to load balancing: a persistent client request bypasses the proxy’s load balancing algorithm, going directly to a backend server it has previously established a session with.

Session persistence enables more efficient application workflows:

  1. Better performance: Maintaining a single session allows a server to cache information about a client locally reducing the need for servers to exchange session data and overall storage needs.
  2. Seamless client experience: Clients can reconnect to the same server without re-authenticating or re-entering their information.

Some of the concerns of session persistence are the duration and expiration of the session, security of the transaction stream, and storage of the context or state.

Session affinity, not to be confused with session persistence, uses an existing attribute of the request to consistently send to the same backend. Session affinity can be considered a weaker form of session persistence: it is not guaranteed to persist a connection to the same backend server if certain attributes of the request or the backends are changed.

Security and Privacy Implications

Session persistence can introduce security and privacy vulnerabilities if not properly implemented. These vulnerabilities can include:

  1. Session hijacking: Attackers intercepting or predicting a valid session token to gain unauthorized access.
  2. Session fixation: Attackers setting a client’s session ID to a known value, which they can then use to hijack the session.
  3. Session replay attacks: Attackers capturing and resending a client’s message with a valid session ID.
  4. Data leakage: Attackers can exploit sensitive session information cached on servers if not properly secured.
  5. Denial of service attacks: Attackers can use up server resources by creating and maintaining large numbers of sessions.

To mitigate these security concerns, it is important to implement session persistence using secure practices, such as using strong session ID generation algorithms, implementing session timeouts, encrypting sensitive data, and monitoring server resources for unusual activity.

IP address reuse may also be a security or privacy concern when using session persistence or session affinity. If Kubernetes reuses an IP address of previously shutdown pod, the new pod may receive session persistent traffic meant for the old pod.

Session affinity introduces fewer security and privacy vulnerabilities since there are no session tokens to protect or exploit.

Achieving Session Persistence

Session persistence is achieved using attributes residing in the application layer. The following are mechanisms for achieving session persistence:

1. Cookie-Based Session Persistence

The most common mechanism is by using cookies (described by RFC6265) with the set-cookie HTTP response header. A client will use the provided value in the set-cookie response header in a cookie request header in subsequent requests. Proxies can use this cookie header to maintain a persistent connection to a single backend server on behalf of the client.

2. Header-Based Session Persistence

Header-based stateful sessions are achieved by a backend or gateway providing an HTTP response header and the client using the same header in subsequent HTTP requests. Proxies can use this header to maintain a persistent connection to a single backend server on behalf of the client.

3. URL-Encoded Session Persistence

Session information can be also encoded into the request URL to establish a persistent session. The server rewrites the client’s URL to encode the new session information automatically. The server or the gateway then decodes the session information from the URL to identify the session.

Session Persistence Initiation

For all implementations of session persistence, the initiation of the persistent session is possible from various sources, including the gateway, intermediary gateway, backend, a sidecar in a backend, or any other infrastructure component.

Let’s consider a simple implementation comprised of gateways and backends. The following rules apply based on who initiates the session:

  • If the gateway initiates the session, the backend will be presented with session attributes regardless if it enabled them.
  • If the backend initiates the session, the gateway should allow this and not force persistent connections, unless specifically configured to. The gateway may decode and alter the cookie established by the backend to achieve session persistence.

It’s important to note that we can have more complex implementations which involve traversing global load balancers, regional load balancers, intermediary internal gateways, sidecars, or waypoints before reaching the backend. At any point within this architecture, a persistent session can be initiated. See Global Load Balancer Initiated Session Example for an example of one of these alternative implementations.

In the next sections, we will take a closer look at the initiation of sessions in both the gateway and the backend. Please note that in the next sections, we are examining the various scenarios in which a session can be initiated. We are not prescribing specific implementations for session persistence. The intention is to understand the possibilities and behaviors related to session initiation while the API section will provide more details on specific implementation details.

Gateway Initiated Session Example

To illustrate how a gateway can initiate a session, let’s examine an implementation that uses cookies for persistence. This represents the most straightforward scenario for utilizing cookies. When a request is made, the gateway includes the set-cookie header in the final response, prompting the client to store the cookie. This cookie is subsequently used in future requests, allowing the gateway to consistently choose the same upstream, establishing a persistent session.

Here an example implementation of a gateway initiating a session through cookies:

  1. sequenceDiagram
  2.     actor C as Client
  3.     participant G as Gateway
  4.     participant B as Backend
  5.     C->>+G: Request Web Page
  6.     activate G
  7.     G->>+B: Request
  8.     B-->>-G: Response
  9.     G->>G: Add set-cookie header
  10.     G-->>-C: Response<br>[set-cookie]
  11.     Note right of G: [set-cookie] indicates a response<br> with a set-cookie header.<br>May include other set-cookie<br>headers from backend.
  12.     C->>C: Create Cookie(s)<br>from set-cookie header(s)
  13.     Note right of C: [cookie] indicates a request<br> with one or more cookies
  14.     C->>+G: Request Web Page<br>[cookie]
  15.     G->>G: Consistent lookup of<br>server using cookie value
  16.     G->>+B: Request<br>[cookie]
  17.     B-->>-G: Response
  18.     G-->>-C: Response

Backend Initiated Session Example

Important: While we took it into consideration, this GEP does not support configuring backend-initiated sessions. This could potentially affect frameworks that initiate sessions in the backend. Implementing this feature is complicated and requires careful design, making it suitable for exploration in a separate GEP.

Continuing with the cookie example, when dealing with backend-initiated sessions, the process becomes somewhat more complex. For cookie-based session persistence, the gateway needs to store a value within a cookie containing a backend identifier. This identifier can be then used as a reference to maintain a persistent session to a specific backend. There are several approaches a gateway could use in this situation to achieve session persistence:

  1. Insert an additional cookie
  2. Modify the existing cookie’s value
  3. Prefix the existing cookie

Additionally, there are variations to each of these approaches, such as making new or updated cookies transparent to the backend, either by remove an inserted cookie or reversing modifications of the cookie’s value.

Alternatively, if the backend is not configured for session persistence, the gateway should refrain from modifying or inserting a cookie. In this situation, the gateway should remain passive and simply forward the set-cookie header as it is.

Refer to the Session Initiation Guidelines section of the API for implementation guidance.

Here’s an example implementation of a backend initiating a session and the gateway modifies the cookie’s value:

  1. sequenceDiagram
  2.     actor C as Client
  3.     participant G as Gateway
  4.     participant B as Backend
  5.     C->>+G: Request Web Page
  6.     activate G
  7.     G->>+B: Request
  8.     B->>B: Add set-cookie<br>header
  9.     B-->>-G: Response<br>[set-cookie]
  10.     G->>G: Modify set-cookie<br>header per configuration
  11.     G-->>-C: Response<br>[set-cookie*]
  12.     Note right of G: [set-cookie] indicates a response<br> with a set-cookie header<br>[set-cookie*] indicates a response<br>with a MODIFIED set-cookie header
  13.     C->>C: Create Cookie<br>from set-cookie header
  14.     Note right of C: [cookie] indicates a request<br>or response with a cookie
  15.     C->>+G: Request Web Page<br>[cookie]
  16.     G->>G: Consistent lookup<br>of server using cookie value
  17.     G->>+B: Request<br>[cookie]
  18.     B-->>-G: Response
  19.     G-->>-C: Response

Global Load Balancer Initiated Session Example

In a more complex architecture example, a global load balancer may need to use cookies in order to maintain persistent connections to a regional load balancer. The regional cluster load balancer initiates the session by issuing the set-cookie header and subsequently uses the cookie to maintain persistent connections to a specific backend. The global load balancer then adds or modifies a cookie in order to establish persistent connection to a regional cluster load balancer.

Here an example implementation of a global load balancer and a regional load balancer creating sessions through cookies:

  1. sequenceDiagram
  2.     actor C as Client
  3.     participant G as Global<br>Load Balancer
  4.     participant R as Regional Cluster<br>Load Balancer
  5.     participant B as Backend
  6.     C->>+G: Request Web Page
  7.     G->>+R: Request
  8.     R->>+B: Request
  9.     B-->>-R: Response
  10.     R->>R: Initiates session by<br>adding set-cookie header
  11.     R-->>-G: Response<br>[set-cookie]
  12.     G->>G: Add or modify<br>set-cookie header
  13.     G-->>-C: Response<br>[set-cookie*]
  14.     Note right of G: [set-cookie] indicates a response<br> with a set-cookie header<br>[set-cookie*] indicates a response with a<br>modified or additional set-cookie header
  15.     C->>C: Create Cookie<br>from set-cookie header
  16.     Note right of C: [cookie] indicates a request<br> with one or more cookies
  17.     C->>+G: Request Web Page<br>[cookie]
  18.     G->>G: Consistent lookup of<br>regional cluster load balancer<br>using cookie value
  19.     G->>+R: Request<br>[cookie]
  20.     R->>R: Consistent lookup of backend<br>using cookie value
  21.     R->>+B: Request<br>[cookie]
  22.     B-->>-R: Response
  23.     R-->>-G: Response
  24.     G-->>-C: Response

When does an application require session persistence?

Enabling session persistence is a required configuration for applications intentionally designed by the application developer to use it, as they will encounter failures or malfunctions when it’s not enabled. However, it’s worth noting that certain applications may be designed to function both with and without session persistence. Regardless, the importance of Gateway API supporting session persistence remains emphasized because it is frequently seen as a necessary feature.

Conversely, apps that have not been designed or tested with session persistence in mind may misbehave when it is enabled, primarily because of the impacts of load distribution on the app. Apps using session persistence must account for aspects like load shedding, draining, and session migration as a part of their application design.

The Relationship of Session Persistence and Session Affinity

Though this GEP’s intention is not to define a spec for session affinity, it is important to recognize and understand its distinction with session persistence. While session persistence uses attributes in the application layer, session affinity often uses, but is not limited to, attributes below the application layer. Session affinity doesn’t require a session identifier like session persistence (e.g. a cookie), but instead uses existing connection attributes to establish a consistent hashing load balancing algorithm. It is important to note the session affinity doesn’t guarantee persistent connections to the same backend server.

Session affinity can be achieved by deterministic load balancing algorithms or a proxy feature that tracks IP-to-backend associations such as HAProxy’s stick tables or Cilium’s session affinity.

We can also examine how session persistence and session affinity functionally work together, by framing the relationship into a two tiered logical decision made by the data plane:

  1. If the request contains a session persistence identity (e.g. a cookie or header), then route it directly to the backend it has previously established a session with.
  2. If no session persistence identity is present, load balance as per load balancing configuration, taking into account the session affinity configuration (e.g. by utilizing a hashing algorithm that is deterministic).

This tiered decision-based logic is consistent with the idea that session persistence is an exception to load balancing. Though there are different ways to frame this relationship, this design will influence the separation between persistence and affinity API design. We acknowledge the discrepancies in the definitions of session persistence and session affinity in the industry. However, for the purpose of establishing a common language for this GEP, we have opted to utilize these definitions.

Implementations

In this section, we will describe how implementations achieve session persistence, along with a breakdown of related configuration options. Input from implementations is appreciated to complete this information.

In the following tables, we will example two types of APIs:

  1. Dataplane APIs
  2. Implementation APIs

Generally, the implementation API programs the dataplane API; however these two are not always clearly separated. The two types of APIs can use different API structures for configuring the same feature. Examining the dataplane APIs helps to remove the layer of API abstraction that implementations provide. Removing this layer avoids situations where implementations don’t fully implement all capabilities of a dataplane API or obfuscate certain configuration around session persistence. On the other hand, examining implementation APIs provides valuable data points in what implementations are interested in configuring.

Table Last Updated: Feb 21, 2024

TechnologyTechnology TypeSession Persistence TypeConfiguration OptionsConfiguration Association (Global, Gateway, Route, or Backends)Notes
Acnodal EPICImplementation (Envoy)N/ASupports Gateway API OnlyN/AAcnodal Epic solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. Acnodal EPIC Docs
Amazon Elastic Kubernetes ServiceImplementation / DataplaneN/ASupports Gateway API OnlyN/AAmazon Elastic Kubernetes Service solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. Amazon Elastic Kubernetes Service Docs
Apache APISIXImplementation (Nginx)Cookie-Basedhash_on=[vars | header | cookie | consumer]
key=cookie_name		Upstream (Route or Backends)N/A
Implementation (Nginx)Header-Basedhash_on=[vars | header | cookie | consumer]
key=header_name		Upstream (Route or Backends)N/A
Apache httpdWeb ServerCookie-Based / URL-EncodedCookie AttributesN/AN/A
Avi Kubernetes OperatorImplementation / DataplaneCookie-BasedShared Persistence Cookie Mode=[Insert | Prefix | Rewrite] Cookie Name=name Cookie Domain=domain Cookie Fallback=domain Cookie Path=path Cookie Garbling Cookie Type=[ Session Cookie | Persistence Cookie] Http Only Flag Secure Flag Max Idle Time=time Max Cookie Age=timeRouteN/A
Azure Application Gateway for ContainersImplementation / DataplaneCookie-BasedaffinityType=[application-cookie | managed-cookie]
cookieName=name
cookieDuration=seconds		RouteRoutePolicy which attaches to HTTPRoutes
BIG-IP Kubernetes GatewayImplementation (F5 BIG-IP)N/ASupports Gateway API OnlyN/ABIG-IP Kubernetes Gateway solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. BIG-IP Kubernetes Gateway Docs
CiliumImplementation / DataplaneNoneNoneNoneCilium has no documented way of doing session persistence. Cilium Docs
ContourImplementation (Envoy)Cookie-BasedName=name
pathRewrite=path
domainRewrite=domain
secure
sameSite		Route and Service (Backends)Envoy does not natively support cookie attribute rewriting nor adding attributes other than path and TTL, but rewriting and adding additional attributes is possible via Lua (Contour design reference, Envoy Issue).
EasegressImplementation / DataplaneNoneNoneNoneEasegress Docs
Emissary-IngressImplementation (Envoy)Cookie-BasedName=name
Path=path
TTL=duration		Module or Mapping (Global or Route)N/A
Header-BasedName=nameModule or Mapping (Global or Route)N/A
EnvoyDataplaneCookie-BasedName=name
Path=path
TTL=duration		HttpConnectionManager (Route)Envoy does not natively support cookie attribute rewriting nor adding attributes other than path and TTL, but rewriting and adding additional attributes is possible via Lua (Contour design reference, Envoy Issue).
Header-BasedName=nameHttpConnectionManager (Route)N/A
Envoy GatewayImplementation (Envoy)N/ASupports Gateway API OnlyN/AEnvoy Gateway solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. Envoy Gateway Docs
Flomesh Service MeshImplementation / Dataplane (Pipy)????
Gloo GatewayImplementation (Envoy)Cookie-BasedName=name Path=path TTL=durationRoute (Route)N/A
Header-BasedName=nameRoute (Route)N/A
Google CloudRunDataplaneCookie-BasedEnabled / DisabledService (Backends)Only allowed to turn off or on, no other configuration items
Google Kubernetes EngineImplementation / DataplaneCookie-BasedGENERATED_COOKIE or HTTP_COOKIE=name
cookieTtlSec		Backend Policy (Backends)Google Kubernetes Engine lists the products that can do persistence/affinity mode. All persistence/affinity options are exclusive and can’t be used at the same time.
Note: Google Kubernetes Engine defines everything (persistence and affinity) as session affinity.
Header-BasedhttpHeaderName=nameBackend Policy (Backends)N/A
HAProxyDataplaneCookie-Basedname=name
[rewrite | insert | prefix ]
indirect
nocache
postonly
preserve
httponly
secure
domain=domain
maxidle=idle
maxlife=life
dynamic
attr=value		Default or Backends (Global or Backends)HAProxy allows for operational cookie strategy configuration (i.e. when/how HAProxy should inject cookies)
HAProxy IngressImplementation (HAProxy)Cookie-Basedaffinity (enable/disable)
cookie-key=key
session-cookie-domain=domain
session-cookie-dynamic=[true | false]
session-cookie-keywords=keywords
session-cookie-name=name
session-cookie-preserve=[true | false]
session-cookie-same-site=[true | false]
session-cookie-shared=[true | false]
session-cookie-strategy=strategy
session-cookie-value-strategy=value_strategy		Backend (Backends)N/A
Hashicorp ConsulImplementation (Envoy)N/ASupports Gateway API OnlyN/AHashicorp Consul solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. Hashicorp Consul API Gateway Docs
IstioImplementation (Envoy)Cookie-BasedName=name
Path=path
TTL=duration		ConsistentHashLB (Backends)Istio also supports turning on cookie-based session persistence via the Pilot ENV variable PILOT_PERSISTENT_SESSION_LABEL.
Implementation (Envoy)Header-BasedName=nameConsistentHashLB (Backends)N/A
Java ServletWeb ServerCookie-Based / URL-Encodedinvalidate()
setAttribute(String name, Object value)
setMaxInactiveInterval(int interval)		N/AJava Servlets do not natively support proxy functions.
KongImplementation / DataplaneCookie-Basedcookie_name=name
rolling_timeout=timeout
absolute_timeout=timeout
idling_timeout=timeout
cookie_path=path
cookie_domain=domain
cookie_same_site=[Strict | Lax | None | off]
cookie_http_only
cookie_secure=[true | false]
stale_ttl=duration
cookie_persistent=[true | false]
storage=storage_type		Route, Service, Global (Route or Backends or Global)N/A
Header-BasednameUpstreams (Backends)N/A
KumaImplementation (Envoy)NoneNoneNoneKuma has no documentation on how it supports session persistence or cookies. Kuma Docs
LinkerdGamma ImplementationNoneNoneNoneLinkerd Docs
LiteSpeed Ingress Controller?????
NginxDataplaneCookie-Based (Nginx Plus Only)Name=name
Expires=time
Domain=domain
HttpOnly
SameSite = [strict | lax | none | $variable]
Secure
path=path		Upstream (Backends)See also Sticky Cookie
NGINX Gateway FabricImplementation (Nginx)N/ASupports Gateway API OnlyN/ANGINX Gateway Fabric solely uses Gateway API; therefore, it doesn’t yet have a way to configure session persistence. NGINX Gateway Fabric Docs
STUNnerImplementation / DataplaneNoneNoneNoneSTUNner Docs
TraefikImplementation / DataplaneCookie-Basedname=name
secure
httpOnly
sameSite=[none | lax | strict ]		Services (Backends)N/A
TykImplementation / DataplaneNoneNoneNoneTyk Docs
WSO2 APKImplementation / DataplaneNoneNoneNoneWSO2 APK Docs

Sessions in Java

Java application servers such as Tomcat and Jetty, were the first to standardize the API around cookies and sessions. These Java applications introduced the “jsessionid” cookie and session IDs encoded in URL parameters as well as more advanced features such as session migration, replication, and on demand session activation. It’s important for Gateway API to examine cookie use cases and history from Java APIs to ensure the API is designed appropriately.

Session Affinity in K8S Services

Kubernetes provides an API that allows you to enable session affinity on service objects. It ensures consistent sessions by utilizing the client’s IP address and also offers the option to set a timeout for the maximum session duration. Implementations of Gateway API, such as service mesh use cases, may use the service IP directly. In these cases where both Kubernetes service session affinity and Gateway API session persistence are both enabled, the route MUST be rejected, and a status should be set describing the incompatibility of these two configurations.

API

In this section, we will explore the questions and design elements associated with a session persistence API.

We will present two distinct patterns for configuring session persistence:

  1. BackendLBPolicy: a Direct Policy Attachment for backends (Services, ServiceImports, or any implementation-specific backendRef)
  2. An inline API update to HTTPRoute and GRPCRoute rules

BackendLBPolicy API

In order to apply session persistence configuration to a backend, we will implement it as a Policy Attachment. The new metaresource is named BackendLBPolicy and is responsible for configuring load balancing-related configuration for traffic intended for a backend after routing has occurred. It is defined as a Direct Policy Attachment without defaults or overrides, applied to the targeted backend.

Instead of utilizing a specific, session persistence-only policy object, we introduce a more generic API object named BackendLBPolicy. This design provides tighter coupling with other load balancing configuration which helps reduce CRD proliferation. For instance, BackendLBPolicy could be augmented to add configuration for selecting a load balancing algorithm for traffic to the backends, as desired in issue #1778. BackendLBPolicy could also be later expanded to contain session affinity configuration. This would provide a convenient grouping of the two related APIs within the same policy object. Additionally, other future enhancements to the API may include the addition of timeouts, connection draining, and logging within BackendLBPolicy.

As for achieving session persistence, this API currently exposes the Type field which allows selection between cookie-based and header-based session persistence. Cookie-based session persistence is considered a core feature, while header-based session persistence is extended and therefore optional.

  1. // BackendLBPolicy provides a way to define load balancing rules
  2. // for a backend.
  3. type BackendLBPolicy struct {
  4.     metav1.TypeMeta   `json:",inline"`
  5.     metav1.ObjectMeta `json:"metadata,omitempty"`
  7.     // Spec defines the desired state of BackendLBPolicy.
  8.     Spec BackendLBPolicySpec `json:"spec"`
  10.     // Status defines the current state of BackendLBPolicy.
  11.     Status PolicyStatus `json:"status,omitempty"`
  12. }
  14. // BackendLBPolicySpec defines the desired state of
  15. // BackendLBPolicy.
  16. // Note: there is no Override or Default policy configuration.
  17. type BackendLBPolicySpec struct {
  18.     // TargetRef identifies an API object to apply policy to.
  19.     // Currently, Backends (i.e. Service, ServiceImport, or any
  20.     // implementation-specific backendRef) are the only valid API
  21.     // target references.
  22.     TargetRef gatewayv1a2.PolicyTargetReference `json:"targetRef"`
  24.     // SessionPersistence defines and configures session persistence
  25.     // for the backend.
  26.     //
  27.     // Support: Extended
  28.     //
  29.     // +optional
  30.     SessionPersistence *SessionPersistence `json:"sessionPersistence"`
  31. }
  33. // SessionPersistence defines the desired state of
  34. // SessionPersistence.
  35. type SessionPersistence struct {
  36.     // SessionName defines the name of the persistent session token
  37.     // which may be reflected in the cookie or the header. Users
  38.     // should avoid reusing session names to prevent unintended
  39.     // consequences, such as rejection or unpredictable behavior.
  40.     //
  41.     // Support: Implementation-specific
  42.     //
  43.     // +optional
  44.     // +kubebuilder:validation:MaxLength=4096
  45.     SessionName *string `json:"sessionName,omitempty"`
  47.     // AbsoluteTimeout defines the absolute timeout of the persistent
  48.     // session. Once the AbsoluteTimeout duration has elapsed, the
  49.     // session becomes invalid.
  50.     //
  51.     // Support: Extended
  52.     //
  53.     // +optional
  54.     AbsoluteTimeout *Duration `json:"absoluteTimeout,omitempty"`
  56.     // IdleTimeout defines the idle timeout of the persistent session.
  57.     // Once the session has been idle for more than the specified
  58.     // IdleTimeout duration, the session becomes invalid.
  59.     //
  60.     // Support: Extended
  61.     //
  62.     // +optional
  63.     IdleTimeout *Duration `json:"idleTimeout,omitempty"`
  65.     // Type defines the type of session persistence such as through
  66.     // the use a header or cookie. Defaults to cookie based session
  67.     // persistence.
  68.     //
  69.     // Support: Core for "Cookie" type
  70.     //
  71.     // Support: Extended for "Header" type
  72.     //
  73.     // +optional
  74.     // +kubebuilder:default=Cookie
  75.     Type *SessionPersistenceType `json:"type,omitempty"`
  77.     // CookieConfig provides configuration settings that are specific
  78.     // to cookie-based session persistence.
  79.     //
  80.     // Support: Core
  81.     //
  82.     // +optional
  83.     CookieConfig *CookieConfig `json:"cookieConfig,omitempty"`
  84. }
  86. // Duration is a string value representing a duration in time. The format is as specified
  87. // in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
  88. //
  89. // +kubebuilder:validation:Pattern=`^([0-9]{1,5}(h|m|s|ms)){1,4}$`
  90. type Duration string
  92. // +kubebuilder:validation:Enum=Cookie;Header
  93. type SessionPersistenceType string
  95. const (
  96.     // CookieBasedSessionPersistence specifies cookie-based session
  97.     // persistence.
  98.     //
  99.     // Support: Core
  100.     CookieBasedSessionPersistence   SessionPersistenceType = "Cookie"
  102.     // HeaderBasedSessionPersistence specifies header-based session
  103.     // persistence.
  104.     //
  105.     // Support: Extended
  106.     HeaderBasedSessionPersistence   SessionPersistenceType = "Header"
  107. )
  109. // CookieConfig defines the configuration for cookie-based session persistence.
  110. type CookieConfig struct {
  111.     // LifetimeType specifies whether the cookie has a permanent or
  112.     // session-based lifetime. A permanent cookie persists until its
  113.     // specified expiry time, defined by the Expires or Max-Age cookie
  114.     // attributes, while a session cookie is deleted when the current
  115.     // session ends.
  116.     //
  117.     // When set to "Permanent", AbsoluteTimeout indicates the
  118.     // cookie's lifetime via the Expires or Max-Age cookie attributes
  119.     // and is required.
  120.     //
  121.     // When set to "Session", AbsoluteTimeout indicates the
  122.     // absolute lifetime of the cookie tracked by the gateway and
  123.     // is optional.
  124.     //
  125.     // Support: Core for "Session" type
  126.     //
  127.     // Support: Extended for "Permanent" type
  128.     //
  129.     // +optional
  130.     // +kubebuilder:default=Session
  131.     LifetimeType *CookieLifetimeType `json:"lifetimeType,omitempty"`
  132. }
  134. // +kubebuilder:validation:Enum=Permanent;Session
  135. type CookieLifetimeType string
  137. const (
  138.     // SessionCookieLifetimeType specifies the type for a session
  139.     // cookie.
  140.     //
  141.     // Support: Core
  142.     SessionCookieLifetimeType   CookieLifetimeType = "Session"
  144.     // PermanentCookieLifetimeType specifies the type for a permanent
  145.     // cookie.
  146.     //
  147.     // Support: Extended
  148.     PermanentCookieLifetimeType  CookieLifetimeType = "Permanent"
  149. )

Route Rule API

To support route-level configuration, this GEP also introduces an API as inline fields within HTTPRoute and GRPCRoute. Any configuration that is specified at Route level will override configuration that is attached at the backend level. This route-level API for enabling session persistence currently uses the same SessionPersistence struct from the BackendLBPolicy API. However, this API should be reevaluated in a future update to this GEP, considering the associated edge cases when configuring both routes and backends.

  1. type HTTPRouteRule struct {
  2.     [...]
  4.     // SessionPersistence defines and configures session persistence
  5.     // for the route rule.
  6.     //
  7.     // Support: Extended
  8.     //
  9.     // +optional
  10.     SessionPersistence *SessionPersistence `json:"sessionPersistence"`
  11. }

API Granularity

The purpose of this session persistence API spec is to enable developers to specify that a specific backend expects a persistent session. However, it intentionally avoids specifying low-level details or configurations related to the session persistence implementation, such as cookie attributes. This decision is because the Gateway API supports various infrastructure types, and some implementations that already provide session persistence may not be able to adhere to a low-level API.

For instance, platforms using global load balancers to maintain persistent sessions between regional load balancers, or Tomcat servlets generating distinct cookies per server. In such scenarios, it is important that this GEP does not obstruct the existing use of cookies while enabling session persistence. Enabling particular low-level API configurations, like allowing customization of the cookie name, could prevent certain implementations from conforming to the spec. In other words, opting for a higher-level API provides better interoperability among our implementations.

However, this API spec does allow specifying specific forms or types of session persistence through the Type field in the SessionPersistence struct, including options for cookie-based or header-based session persistence. This API field accommodates implementations that offer multiple methods of session persistence, while also allowing users to specify their preferred form of session persistence if desired.

Target Persona

Referring to the Gateway API Security Model, the target kubernetes role/persona for session persistence are application developers, as mentioned in the When does an application require session persistence? section. It is the responsibility of the application developers to adjust the persistence configuration to ensure the functionality of their applications.

Prior Art

Referring to our Implementations table on session persistence, the majority of Gateway API implementations designed session persistence in their APIs to be attached to a service or backends. This should be considered cautiously, as making associations to Gateway API’s notion of Gateway, Route, and Service to other implementation’s objects is hard to directly translate. The idea of a route in Gateway API is often not the same as a route in any given implementation.

API Attachment Points

The new BackendLBPolicy metaresource only supports attaching to a backend. A backend can be a Service, ServiceImport (see GEP-1748), or any implementation-specific backends that are a valid BackendObjectReference. Enabling session persistence for a backend enables subsequently enables it for any route directing traffic to this backend. To learn more about the process of attaching a policy to a backend, please refer to GEP-713.

On the other hand, configuring the sessionPersistence field in the route rule enables session persistence exclusively for the traffic directed to the backendRefs in this route rule. This means applying session persistence configuration to a route rule MUST NOT affect traffic for other routes or route rules. Designing the configuration for a specific route rule section rather than the route entirely, allows users to configure session persistence in a more granular fashion. This approach avoids the need to decompose routes if the configuration is specific to a route path.

Session persistence configuration specified in a route rule SHALL override equivalent configuration in BackendLBPolicy. In this situation, implementations MAY want to indicate a warning via a log or status. Refer to GEP-713 and/or GEP-2648 for more specific details on how to handle override scenarios.

Edge cases will arise when implementing session persistence support for both backends and route rules through BackendLBPolicy and the route rule’s sessionPersistence field. For guidance on addressing conflicting attachments, please consult the Edge Case Behavior section, which outlines API use cases. Only a subset of implementations have already designed their data plane to incorporate route-level session persistence, making it likely that route-level session persistence will be less widely implemented.

Traffic Splitting

In scenarios involving traffic splitting, session persistence impacts load balancing done after routing. When a persistent session is established and traffic splitting is configured across services, the persistence to a single backend MUST be maintained across services. Consequently, a persistent session takes precedence over traffic split weights when selecting a backend after route matching. It’s important to note that session persistence does not impact the process of route matching.

When using multiple backends in traffic splitting, all backend services should have session persistence enabled. Nonetheless, implementations MUST carefully consider how to manage traffic splitting scenarios in which one service has persistence enabled while the other does not. This includes scenarios where users are transitioning to or from an implementation version designed with or without persistence. For traffic splitting scenario within a single route rule, this GEP leaves the decision to the implementation. Implementations MAY choose to apply session persistence to all backends equally, reject the session persistence configuration entirely, or apply session persistence only for the backends with it configured.

See Edge Case Behavior for more use cases on traffic splitting.

While the API is intended to be generic, as described in API Granularity, a majority of implementations will employ session persistence through cookies. Therefore, let’s explore the possibilities of cookie configuration for these APIs.

A cookie is composed of various attributes, each represented as key=value pairs. While some attributes may have optional values, the cookie name attribute is the only mandatory one, and the rest are considered optional.

The cookie attributes defined by RFC6265 are:

  • Name=value
  • Expires=date
  • Max-Age=number
  • Domain=domain
  • Path=path-value
  • Secure
  • HttpOnly

Other cookie attributes not defined by RFC6265, but are captured in draft RFCs and could be considered de facto standards due to wide acceptance are:

  • SameSite=[Strict|Lax|None]
  • Partitioned

Unless a sessionPersistence API field can be satisfied through a manipulating a cookie attribute, the attributes of the cookies are considered as opaque values in this spec and are to be determined by the individual implementations. Let’s discuss some of these cookie attributes in more detail.

Name

The Name cookie attribute MAY be configured via the SessionName field in sessionPersistence. However, this field is implementation-specific because it’s impossible to create a conformance test for it, given that sessions could be created in a variety of ways. Additionally, SessionName is not universally supported as some implementations, such as ones supporting global load balancers, don’t have the capability to configure the cookie name. Some implementations have a fixed cookie name, and therefore SessionName may be reflected in the value of the cookie.

The use case for modifying the cookie name using SessionName is that certain users might need to align it with an existing cookie name, such as Java’s JSESSIONID. Refer to Session Initiation Guidelines for details on how this GEP supports existing sessions. If SessionName is not specified, then a unique cookie name should be generated.

Expires / Max-Age

The Expires and Max-Age cookie attributes are important in distinguishing between session cookies and permanent cookies. Session cookies do not include either of these attributes, while permanent cookies will contain one of them. Session cookies can still have an expiration or timeout, but it will be accomplished through alternative mechanisms, such as the proxy tracking the cookie’s lifetime via its value.

The LifetimeType API field specifies whether a cookie should be a session or permanent cookie. Additionally, the lifetime or timeout for both session and permanent cookies is represented by AbsoluteTimeout. In the case of LifetimeType being Permanent, AbsoluteTimeout MUST configure the Expires or Max-Age cookie attributes. Conversely, if LifetimeType is Session, AbsoluteTimeout MUST regulate the cookie’s lifespan through a different mechanism, as mentioned above. If LifetimeType is set to Permanent, then AbsoluteTimeout MUST also be set as well. This requirement is necessary because an expiration value is required to set Expires or Max-Age. LifetimeType of Session is core support level and the default, while LifetimeType of Permanent is extended.

See issue #2747 for more context regarding distinguishing between permanent and session cookies.

Path

The cookie’s Path attribute defines the URL path that must exist in order for the client to send the cookie header. Whether attaching session persistence to an xRoute or a service, it’s important to consider the relationship the cookie Path attribute has with the route path.

When session persistence is enabled on a xRoute rule, the implementor should interpret the path as configured on the xRoute. To interpret the Path attribute from an xRoute, implementors should take note of the following:

  1. For an xRoute that matches all paths, the Path should be set to /.
  2. For an xRoute that has multiple paths, the Path should be interpreted based on the route path that was matched.
  3. For an xRoute using a path that is a regex, the Path should be set to the longest non-regex prefix (.e.g. if the path is /p1/p2/*/p3 and the request path was /p1/p2/foo/p3, then the cookie path would be /p1/p2).

It is also important to note that this design makes persistent session unique per route path. For instance, if two distinct routes, one with path prefix /foo and the other with /bar, both target the same service, the persistent session won’t be shared between these two paths.

Conversely, if the BackendLBPolicy policy is attached to a service, the Path attribute MUST be left unset. This is because multiple routes can target a single service. If the Path cookie attribute is configured in this scenario, it could result in problems due to the possibility of different paths being taken for the same cookie. Implementations MUST also handle the case where the client is a browser making requests to multiple persistent services from the same page.

Secure, HttpOnly, SameSite

The Secure, HttpOnly, and SameSite cookie attributes are security-related. The API implementers SHOULD follow the security-by-default principle and configure these attributes accordingly. This means enabling Secure and HttpOnly, and setting SameSite to Strict. However, in certain implementation use cases such as service mesh, secure values might not function as expected. In such cases, it’s acceptable to make appropriate adjustments.

Session Persistence API with GAMMA

The object of the GAMMA (Gateway API for Mesh Management and Administration) initiative is to provide support for service mesh and mesh-adjacent use-cases with Gateway API. GAMMA is focused on defining how Gateway API could also be used for inter-service or east/west traffic within the same cluster.

Given that service meshes commonly have session persistence requirements, this API design should take into consideration session persistence needs in GAMMA and service mesh scenarios.

Session Initiation Guidelines

As illustrated in the examples provided in Session Persistence Initiation, implementations must consider how to manage sessions initiated by other components. As mentioned in Backend Initiated Session Example, this GEP does not support configuring backend-initiated persistent sessions. We leave the decision of handling existing sessions with each specific implementation. In the case of cookie-based session persistence, an implementation MAY either rewrite the cookie or insert an additional cookie, or to do nothing (resulting in the lack of a persistent session). In general, inserting an additional cookie is a generally safe option, but it’s important for implementations to exercise their own discretion. However, regardless of the implementation’s design choice, the implementation MUST be able to handle multiple cookies.

Session Persistence Failure Behavior

In a situation where session persistence is configured and the backend becomes unhealthy, this GEP doesn’t specify a prescribed fallback behavior mechanism or HTTP status code. Implementations MAY exhibit different behaviors depending on whether active health checking is enabled. Data planes MAY fall back to available backends, disregarding the broken session, and reestablish session persistence when the backend becomes available again.

Edge Case Behavior

Implementing session persistence is complex and involves many edge cases. In this section, we will outline API configuration scenarios (use cases) and how implementations should handle them.

Attaching Session Persistence to both Service and a Route Rule

In a situation which:

  • ServiceA with BackendLBPolicy attached
  • RouteX with sessionPersistence configured on the route rule and backend ServiceA

The sessionPersistence configuration inline to RouteX route rule MUST take precedence over BackendLBPolicy. Since routes direct traffic to services, the policy attached to route operates at a higher-level and MUST override policies applied to individual services.

  1. graph TB
  2.    RouteX ----> ServiceA((ServiceA))
  3.    BackendLBPolicyServiceA[BackendLBPolicy] -.-> ServiceA
  4.    BackendLBPolicyRouteA[SessionPersistence] -.Precedence.-> RouteX
  5.    linkStyle 2 stroke:red;

Two Routes Rules have Session Persistence to the Same Service

Consider the situation in which two different route paths have session persistence configured and are going to the same service:

  1. kind: HTTPRoute
  2. metadata:
  3.   name: routeX
  4. spec:
  5.   rules:
  6.   - matches:
  7.     - path:
  8.       value: /a
  9.     backendRefs:
  10.     - name: servicev1
  11.     sessionPersistence:
  12.       name: session-a
  13.   - matches:
  14.     - path:
  15.       value: /b
  16.     backendRefs:
  17.     - name: servicev1
  18.       weight: 0
  19.     - name: servicev2
  20.       weight: 100
  21.     sessionPersistence:
  22.       name: session-b

Route rules referencing the same service MUST NOT share persistent sessions (i.e. the same cookie). Let’s illustrate this by the following commands:

  1. Curl to /a which establishes a persistent session with servicev1
  2. Curl to /b routes MUST direct traffic to servicev2 since the persistent session established earlier is not shared with this route path.

Session Naming Collision

Consider the situation in which two different services have cookie-based session persistence configured with the same sessionName:

  1. kind: HTTPRoute
  2. metadata:
  3.   name: split-route
  4. spec:
  5.   rules:
  6.   - backendRefs:
  7.     - name: servicev1
  8.       weight: 50
  9.     - name: servicev2
  10.       weight: 50
  11. ---
  12. kind: BackendLBPolicy
  13. metadata:
  14.   name: lbp-split-route
  15. spec:
  16.   targetRef:
  17.     kind: Service
  18.     Name: servicev1
  19.   sessionPersistence:
  20.     sessionName: split-route-cookie
  21.     type: Cookie
  22. ---
  23. kind: BackendLBPolicy
  24. metadata:
  25.   name: lbp-split-route2
  26. spec:
  27.   targetRef:
  28.     kind: Service
  29.     Name: servicev2
  30.   sessionPersistence:
  31.     sessionName: split-route-cookie
  32.     type: Cookie

This is an invalid configuration as two separate sessions cannot have the same cookie name. Implementations SHOULD address this scenario in manner they deem appropriate. Implementations MAY choose to reject the configuration, or they MAY non-deterministicly allow one cookie to work (e.g. whichever cookie is configured first).

Traffic Splitting Simple

Consider the scenario where a route is traffic splitting between two backends, and additionally, a BackendLBPolicy with sessionPersistence config is attached to one of the services:

  1. kind: HTTPRoute
  2. metadata:
  3.   name: split-route
  4. spec:
  5.   rules:
  6.   - backendRefs:
  7.     - name: servicev1
  8.       weight: 50
  9.     - name: servicev2
  10.       weight: 50
  11. ---
  12. kind: BackendLBPolicy
  13. metadata:
  14.   name: lbp-split-route
  15. spec:
  16.   targetRef:
  17.     kind: Service
  18.     Name: servicev1
  19.   sessionPersistence:
  20.     sessionName: split-route-cookie
  21.     type: Cookie

In this traffic splitting scenario within a single route rule, this GEP leaves the decision to the implementation. An implementation MAY choose to:

  1. Apply session persistence configured in BackendLBPolicy to servicev1 and servicev2 equally
  2. Reject the session persistence configured in BackendLBPolicy so that servicev1 does not have session persistence
  3. Apply session persistence for only servicev1, potentially causing all traffic to eventually migrate to servicev1

This is also described in Traffic Splitting.

Traffic Splitting with two Backends and one with Weight 0

Consider the scenario where a route has two rules, but one of those rules involves traffic splitting with a backendRef that has a weight of 0, and additionally, a BackendLBPolicy is attached to one of the services:

  1. kind: HTTPRoute
  2. metadata:
  3.   name: split-route
  4. spec:
  5.   rules:
  6.   - matches:
  7.     - path:
  8.       value: /a
  9.     backendRefs:
  10.     - name: servicev1
  11.   - matches:
  12.     - path:
  13.       value: /b
  14.     backendRefs:
  15.     - name: servicev1
  16.       weight: 0
  17.     - name: servicev2
  18.       weight: 100
  19. ---
  20. kind: BackendLBPolicy
  21. metadata:
  22.   name: lbp-split-route
  23. spec:
  24.   targetRef:
  25.     kind: Service
  26.     Name: servicev1
  27.   sessionPersistence:
  28.     sessionName: split-route-cookie
  29.     type: Cookie

A potentially unexpected situation occurs when:

  1. Curl to /a which establishes a persistent session with servicev1
  2. Curl to /b routes to servicev1 due to route persistence despite weight: 0 configuration

In this scenario which spans two route rules, implementations MUST give precedence to session persistence, regardless of the weight configuration.

A Service’s Selector is Dynamically Updated

In Kubernetes, it’s possible to modify the selector of a service after the gateway has established persistent sessions with it.

  1. kind: Service
  2. metadata:
  3.   name: my-service
  4. spec:
  5.   selector:
  6.     app.kubernetes.io/name: MyApp # Service selector can change

The expected behavior is that the gateway SHOULD retain existing persistent sessions, even if the pod is no longer selected, and establish new persistent sessions after a selector update. This use case is uncommon and may not be supported by some implementations due to their current designs.

Conformance Details

TODO

Open Questions

  • What happens when session persistence causes traffic splitting scenarios to overload a backend?
  • Should we add status somewhere when a user gets in to a “risky” configuration with session persistence?
  • Should there be an API configuration field that specifies how already established sessions are handled?
  • How do implementations drain established sessions during backend upgrades without disruption?

TODO

The following are items that we intend to resolve in future revisions:

  • We need to identify and document requirements regarding session draining and migration.
  • We need to document sessions with Java in greater detail. Java standardized the API and behavior of session persistence long ago and would be worth examining.
  • We need to add a small section on compliance regarding the browser and client relationship.
  • We need to finish enumerating all the edge cases in Edge Case Behavior and identify potential scenarios where session persistence could break so an implementation can implement session persistence in a predicable way.
  • We need to clean up the Implementations table to make it more organized and readable.
  • We need to revisit how to indicate to a user that a BackendLBPolicy configuration is being overridden by a route configuration via a warning status or log.
    • This might require addressing as part of an update to GEP-2648.

Alternatives

SessionPersistence API Alternative

Taking a different approach, this GEP could design a more specific policy for configuring session persistence. Rather than containing all load balancing configuration within a single metaresource, we could opt for a more specific design with a metaresource called SessionPersistencePolicy, specifically to handle session persistence configuration.

The advantage of SessionPersistencePolicy is that it is more specific, which may enable a smoother transition to attaching to routes in the future (see Route Attachment Future Work).

  1. // SessionPersistencePolicy provides a way to define session persistence rules
  2. // for a service or route.
  3. type SessionPersistencePolicy struct {
  4.     metav1.TypeMeta   `json:",inline"`
  5.     metav1.ObjectMeta `json:"metadata,omitempty"`
  7.     // Spec defines the desired state of SessionPersistencePolicy.
  8.     Spec SessionPersistencePolicySpec `json:"spec"`
  10.     // Status defines the current state of SessionPersistencePolicy.
  11.     Status PolicyStatus `json:"status,omitempty"`
  12. }
  14. // SessionPersistencePolicySpec defines the desired state of
  15. // SessionPersistencePolicy.
  16. // Note: there is no Override or Default policy configuration.
  17. type SessionPersistencePolicySpec struct {
  18.     // TargetRef identifies an API object to apply policy to.
  19.     TargetRef gatewayv1a2.PolicyTargetReference `json:"targetRef"`
  21.     // SessionName defines the name of the persistent session token
  22.     // (e.g. a cookie name).
  23.     //
  24.     // +optional
  25.     // +kubebuilder:validation:MaxLength=4096
  26.     SessionName String `json:"sessionName,omitempty"`
  27. }

HTTPCookie API Alternative

Alternatively, the API for session persistence could be tightly coupled to cookies rather than being generic as described in API Granularity. The advantage here is the API’s ability to offer greater control through specific cookie attributes and configuration, catering to the needs of advanced users. However, there could be challenges with implementations adhering to an API that is closely tied to cookies. This alternative could apply to the current BackendLBPolicy design or the SessionPersistencePolicy alternative.

The cookie attributes can be defined either as a loosely-typed list of attributes or as strongly-typed attribute fields. A loosely-typed list approach offers a more flexible specification, particularly when new attributes need to be introduced. However, loosely-typed lists may not be as user-friendly due to the lack of validation.

  1. // HttpCookie defines a cookie to achieve session persistence.
  2. type HttpCookie struct {
  3.     // Name defines the cookie's name.
  4.     //
  5.     // +kubebuilder:validation:MaxLength=4096
  6.     Name String `json:"name,omitempty"`
  8.     // CookieAttributes defines the cookie's attributes.
  9.     //
  10.     // +optional
  11.     CookieAttributes []CookieAttribute `json:cookieAttributes`
  12. }
  14. // CookieAttribute defines the cookie's attributes.
  15. type CookieAttribute map[string][]string
  16. )

Strongly-typed attribute fields provide a more user-friendly experience by offering stronger validation for each of the fields. A strongly-type cookie API could be a mix of individual fields and listed attributes. More specifically, we could separate the key attributes with no value into a list. This approach is taken by Haproxy Ingress with their session-cookie-keywords field. This provides flexibility for simple boolean-typed attributes, while validating attributes that have values. However, this approach may be confusing to users as uses two different API patterns for cookie attributes.

  1. // HttpCookie defines a cookie to achieve session persistence.
  2. type HttpCookie struct {
  3.     // Name defines the cookie's name.
  4.     //
  5.     // +kubebuilder:validation:MaxLength=4096
  6.     Name String `json:"name,omitempty"`
  8.     // SameSite defines the cookie's SameSite attribute.
  9.     //
  10.     // +optional
  11.     // +kubebuilder:validation:Enum=Strict;Lax;None
  12.     SameSite SameSiteType `json:"sameSite,omitempty"`
  13.     // Domain defines the cookie's Domain attribute.
  14.     //
  15.     // +optional
  16.     // +kubebuilder:validation:MaxLength=4096
  17.     Domain String `json:"domain,omitempty"`
  19.     // CookieKeywords defines the cookie's attributes that have no value.
  20.     //
  21.     // +optional
  22.     CookieKeywords []CookieKeyword `json:cookieKeywords`
  23. }
  25. // CookieKeyword defines the cookie's attributes that have no value.
  26. type CookieKeyword string
  28. const (
  29.     // CookieKeywordsHttpOnly specifies the HttpOnly cookie attribute.
  30.     CookieKeywordsHttpOnly HttpOnlyMode = "HttpOnly"
  31.     // CookieKeywordsSecure specifies the Secure cookie attribute.
  32.     CookieKeywordsSecure HttpOnlyMode = "Secure"
  33. )

Alternate Naming

This GEP describes session persistence and session affinity as the idea of strong and weak connection persistence respectively. Other technologies use different names or define persistence and affinity differently:

Though session persistence is a ubiquitous name, session affinity is more inconsistently used. An alternate decision could be made to use a different name for session affinity based on the prevalence of other naming conventions.

References