How cookies works when IIS ARR do the Loading balance?

Question

Recently I have used IIS *ARR* to do the loading balance.

For now everything is just ok.

But I do not understand how the arr server handle with the cookie?

For example:

1.ARR server:localhost

2.Server A.site.com

3.Server B.site.com

When ARR server rewrite the request to server A Or server B, It seems it WILL transfer the cookie to A or B server.

Is that normal?

Because I thought cookie could not work cross the domain.

Thanks in advance.

Answer 1

Http Cookie is indeed restricted to use for one domain only. yet, that restriction is imposed by the Browser and as far as the Browser concerned, it only deals with the public endpoint of the website (the domain name localhost in your example), it doesn't care or knows whether that end-point is actually a load-balancer that will (internally) delegate the request to another host.

When ARR delegate the request to one of the hosts, it append the cookie value to the request as well.

Moreover, ARR itself may rely on a cookie to achieve affinity ('stickiness').