WebUser Interface Sessions are created on the Backend server that succeeds to open the target Account.
User browsers send HTTP requests to the Frontend Servers via Load Balancer(s). If the session request hits the "wrong" Server (i.e. the server that does not host the target session), the request is proxied to the correct Server.
If the HTTP connection is encrypted (using SSL/TLS), request decryption and response encryption take place on the frontend server: