Question 105178 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – How cookie based authentication works in multiple instance web application?

I have a stateless application(asp.net mvc 4.7.2),Which runs on multiple instance.(azure).

My application uses form authentication (cookie based).

When I login in some cases I get response back from diffrent instance and system shows as not logged in, on refresh again shows as logged in. Is this supposed to happen in multiple instance? (not always reproducible when request and response served by same instance, and issue seems to be not reproducible after a while after login)

I tried enabling ARR affinity, and I couldnot reproduce the issue.
I tried with 1 instance , and I couldnot reproduce the issue.

But Im not supposed to enable ARR affinity as i constantly scale up and scale down instance counts.(had issue when scale down, user was getting 503).

Is there any solution to fix this issue with login, when we have multiple instance?

Tags:

2

Answers


  1. 0

    ARR affinity idea is to route requests to the same instance (sticky sessions). Usually, it works fine, unless the instance gets removed by some reason.

    You will face this issues as you don’t have control over the instances / LB. The ‘solution’ would be to work with some other kind of authentication and with a dedicated session server.

    Login or Signup to reply.
  2. 0
    1. Send the information required to prove authentication in an encrypted format to the cookie. So each instance can decrypt it and use it.
      OR
    2. Store the authentication information in the database with a long key and send the key to the cookie. So each instance can lookup in the database
      OR
    3. If you want to up your security game, do 2, encrypt the key and send the encrypted key in the cookie. So each instance can decrypt the key and lookup in the database
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search