Some sites may encounter loss of logon status or other exceptions related to the logon status when using WAF. Root causes of these exceptions include the following:
- The domain name has multiple origins (ECS), but does not synchronize the sessions, especially in architectures where an SLB is attached after WAF.
- Failure to obtain the real IP address from X-forwarded-for for validation.
Configure session synchronization for the server.
If the WAF is connected to an SLB, you can use the layer-7 HTTP method to forward the traffic, and enable the cookie-based session persistence.
Obtain the real IP address from x-forwarded-for. For more information, see Obtain the visitor’s real IP address.