So we have three 2008 R2 Servers where two are configured to be web servers (IIS 7.5), and the third a session state server. I have set the SessionState and MachineKey settings in the applications web.config. After I restart the two web servers I can log into one server, then change the IP address to the other server, and I am still logged in. Success.

I can typically log in/out with any user account I want, change the ip address back and forth, and all is well until some random time between 30-60 minutes when I log in to one server, change the IP address, and the new server asks for credentials.

This is the sessionState setting in both web.configs:

<sessionState mode="StateServer" stateConnectionString="tcpip=xxx.xxx.xxx.xxx:42424" cookieless="false" timeout="30"/>

The application resides under the default web site, and uses the default application pool. I am using forms authentication with a timeout of 20 minutes. I am not receiving any error events on any of the three servers when this happens, and restarting the two web servers fixes the problem for a while. The two web servers are not clustered per-se, but will be served round-robin via a network device.

Any assistance would be appreciated.