By default, an Application Load Balancer routes each request independently to a registered target based on the chosen load-balancing algorithm. However, you can use the sticky session feature (also known as session affinity) to enable the load balancer to bind a user's session to a specific target.

Target Group Stickiness

The client must support cookies, and the load balancer will use those cookies to determine to which target the new requests should be routed ( to preserve session data).

If that instance will fail for some reason, or be shut down, then the user will be directed to a different instance that has no awareness of the session state. (and therefore will require authentication again).

To be able to keep the state across instances we need to save it externally. Available solutions are DynamoDB and Elasticache (even S3 could be used).

As usual the right architecture depends on requirements, session state is definitely better because it guarantees more resiliency, but it add some latency - and costs)

If Sticky Session are enough for you, enabling them its just a matter of editing the attributes of your target group specifying Stickiness type and its duration.

Stickiness attribute

A couple of notes/considerations:

WebSocket connections are inherently sticky.

Sticky sessions are not supported if cross-zone load balancing is disabled.