Excessively high webserver session counts

Check the User-Agent header for incoming requests

Depending on your load balancer, it will periodically send its own requests to your webservers to check that they are still able to serve requests (i.e. the load balancer needs to know which of your webservers it can direct traffic to).

It can do this rather often - AWS' Application Load Balancers do so every couple of seconds. If you're not checking incoming requests for this, you can end up with an insanely high number of sessions sitting around in the cache server that manages your sessions...

If you inspect the sessions, they will have a specific User-Agent set so that you can identify them. In the case of AWS Application Load Balancers, for instance, it's "ELB-HealthChecker/2.0", though it could change in future.

You'll want to check the User-Agent header before starting up a session, as the load balancer isn't going to need one. In PHP that would look like this:

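// The request's User-Agent is in $_SERVER; $_SESSION is not populated until a session has started
if (($_SERVER['HTTP_USER_AGENT'] ?? "") === "ELB-HealthChecker/2.0") {
    return; // Or do whatever else you want to do, just don't start a session
}
session_start();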
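
An added example, not code from the original page: a more defensive form of the same check that matches on the `ELB-HealthChecker/` prefix, so a version change doesn't bring the sessions back, and that only skips the session on the health-check path. The path `/healthz` and the function and constant names are assumptions; use the path configured on your load balancer.

```php
<?php
declare(strict_types=1);

// Prefixes of health-checker User-Agents. Matching the product token only
// keeps the check working if the version after the slash changes.
const HEALTH_CHECK_UA_PREFIXES = ['ELB-HealthChecker/'];

// Hypothetical health-check path; use the one configured on your load balancer.
const HEALTH_CHECK_PATH = '/healthz';

/**
 * True when the request looks like a load balancer health check.
 * Takes the $_SERVER array as a parameter so it can be exercised with samples.
 */
function isHealthCheck(array $server): bool
{
    $ua   = (string) ($server['HTTP_USER_AGENT'] ?? '');
    $path = (string) parse_url((string) ($server['REQUEST_URI'] ?? '/'), PHP_URL_PATH);

    // The User-Agent is client-supplied, so a match is used only to skip
    // session creation on one path, never to skip authentication.
    if ($path !== HEALTH_CHECK_PATH) {
        return false;
    }
    foreach (HEALTH_CHECK_UA_PREFIXES as $prefix) {
        if (strncmp($ua, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests; run from the command line to see the decisions.
    $samples = [
        ['HTTP_USER_AGENT' => 'ELB-HealthChecker/2.0', 'REQUEST_URI' => '/healthz'],
        ['HTTP_USER_AGENT' => 'ELB-HealthChecker/2.0', 'REQUEST_URI' => '/account'],
        ['HTTP_USER_AGENT' => 'Mozilla/5.0',           'REQUEST_URI' => '/healthz'],
    ];
    foreach ($samples as $s) {
        printf("%-24s %-10s %s\n", $s['HTTP_USER_AGENT'], $s['REQUEST_URI'],
            isHealthCheck($s) ? 'no session' : 'session');
    }
} elseif (isHealthCheck($_SERVER)) {
    http_response_code(200); // Answer the health check without touching the session store
    echo 'OK';
} else {
    session_start();
}
```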