如何确定 ASP.Net web 应用程序是否可以处理基于 cookie 的亲和力？

Question

I was reading this article about troubleshooting Azure Application Gateway Session Affinity Issues, and listed as a possible cause it states "My application cannot handle cookie-based affinity", how do I know if my ASP.Net web application can handle cookie based affinity or not?

Thanks,

Answer 1

Firstly, as you're hosting the website on an Azure VM, you would typically deal the same way as you would on-prem, unlike on Azure App Service VM- for this setting - you can just toggle switch to enable or disable ARR Affinity from Azure Portal > Application Settings.

Kindly refer this blog Upcoming SameSite Cookie Changes in ASP.NET and ASP.NET Core for the latest changes.

Just to clarify -The application gateway can only perform session-based affinity by using a cookie. From your issue description, you have set "cookieBasedAffinity": "Enabled", as mentioned in the document, is that correct? You can leverage based on your application needs.

<httpCookies domain="" httpOnlyCookies="true|false" requireSSL="true|false" />

You cannot add cookies in web.config but you can add some custom section to access cookies. You can handle this via code use the System.Web.HttpCookie.HttpOnly property. as mentioned in this article .

    myHttpOnlyCookie.HttpOnly = true;
    myHttpOnlyCookie.Name = "MyHttpOnlyCookie";
    Response.AppendCookie(myHttpOnlyCookie);

As mentioned in the same document you're referring to, you can review the session logs to determine whether the cookies provided by the client have the ARRAffinity details If you don't find the ARRAffinity details, such as "ARRAffinity= ARRAffinityValue" within the cookie set, that means the client is not replying with the ARR cookie.

Additional discussion on this topic- Token Authentication vs. Cookies