This topic describes how to handle the issue that session persistence cannot be implemented after Anti-DDoS Pro or Anti-DDoS Premium is configured.

Problem description

If a website is protected by Anti-DDoS Pro or Anti-DDoS Premium, you are automatically logged off when you click a menu item on the website.


  • Session persistence is disabled.
  • When requests pass through an Anti-DDoS Pro or Anti-DDoS Premium instance, the instance adds a field to cookies. This increases the cookie length. In this case, if the origin server does not properly handle the requests, an error occurs. The field is used by the instance to mitigate attacks.
    http_cookie: aliyungf_tc=AQAAAFvyfRtP/AIATUWYDheCsQtZUPVB; SSID=19mjjcefouv7f8cpbuhp2f9lv2; current_menu=%2F 


  • Enable TCP session persistence.
  • Enable HTTP session persistence.
  • If session persistence is disabled and Anti-DDoS Pro or Anti-DDoS Premium is not configured, you can access an SLB instance of the origin server. This means that logon session persistence does not depend on SLB.
  • Session persistence is implemented based on sessions, and all sessions are stored in the memory cache. The session information is stored in cookies on the client. The sessions are obtained based on the session ID (SSID), rather than in sequence.
  • Enable session persistence for Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Configure session persistence.

Application scope

  • Anti-DDoS Pro and Anti-DDoS Premium