Sessions & FortiWeb HA

Key concepts : HTTP sessions & security : Sessions & FortiWeb HA

The table of FortiWeb client session histories is not synchronized between HA members. If a failover occurs, the new active appliance will recognize that old session cookies are from a FortiWeb, and will allow existing FortiWeb sessions to continue. Clients’ existing sessions will not be interrupted.


	Because the new active appliance does not know previous session history, after failover, for existing sessions, FortiWeb will not be able to enforce actions that are based upon: • the order of page requests in that session ID’s history, such as page order rules. • the count or rate of requests that it remembers for that session ID, such as rate limiting per session ID per URL,

New sessions will be formed with the current main appliance.

For more information on what data and settings are synchronized by HA, see “HA heartbeat & synchronization” and “Configuration settings that are not synchronized by HA”.