Home/ Questions/Q 3215102
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T15:08:19+00:00

Per a question I posted yesterday , our website’s DNS structure has changed to

  • 0

Per a question I posted yesterday, our website’s DNS structure has changed to round-robin DNS which literally swaps back and and forth between two production servers. Our web.config for both prod servers has:

  • <sessionState mode="SQLServer" ... > pointing to the same shared DB
  • A machineKey on each server that is consistent between the two (this was the main point of my post yesterday).
  • [update] The same domain in the <forms domain=".mydomain.com" ... > tag

When we use the login feature on the site, the login actually makes a web service request to a 3rd website that authenticates a user. If the resulting response says it was a successful login, then we use FormsAuthentication to log the user in:

FormsAuthentication.SetAuthCookie(strUserID, true);

Our issue is that on some pages we see we are logged in, others we’re not. Is this something indicative of either us not completing a final step to share session between two prod servers or could our SQL server session DB be broken?

Thanks in advance

UPDATE:
Our code to determine if the user is logged in is quite basic:

HttpContext.Current.User.Identity.IsAuthenticated

UPDATE 2:

When I hit prod1.mysite.com (or prod2.mysite.com) I get a cookie called "ASP.NET_SessionId" but when I hit the live public URL, http://www.mysite.com, I don’t get this cookie. Is this part of the problem?

RESOLUTION:

It turns out that everything we did here was all correct and that our live site which uses Akamai was being cached in various states due to Akamai’s cache configuration. Sharing your logged in state between servers has been confirmed to work.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    One thing you could do is use the Firebug add-on for Firefox to ensure that the authentication cookie is being sent to the browser as expected after logging in although as you are seeing that you are logged in on some pages I would expect this to be the case.
    Another thing to check would be that the domain is set correctly for the authentication cookie and that it is valid for all pages on your website.
    This is typically set in you web.config in the forms tags, example below and should be same on each server in the web farm. 

    <authentication mode="Forms">
    <forms name="yourAuthCookie" loginUrl="/login.aspx" protection="All" path="/" domain="mydomain.com" timeout="30"/>
</authentication>

    If this is all correct then it is possible that session is not being shared correctly between your servers although the settings that your have described in your question appear to cover what is needed.

    • 0