Prevent Azure Website to set WAWebSiteID and ARRAffinity cookies

StackOverflow https://stackoverflow.com/questions/16792427

Question

I have a Windows Azure Website in shared mode.

Now Azure obviously adds two cookies to my web site: WAWebSiteID and ARRAffinity. I learned that those cookies are there to enable sticky sessions with the Application and Request Routing feature (ARR) behind the Azure load balancers.

Nevertheless, my web site does not require sticky sessions, and I don't want to have those cookies around.

First, I never had the slightest idea of sticky sessions crossing my mind, so I wrote the application to scale well with evenly distributed requests on all frontends. Sticky sessions in fact shift the distribution since there are clients doing a lot of requests and clients doing almost none. When only the first request gets distributed and subsequent requests from the same client stick to the same server, this has severe implications on the overall performance of my application.

Secondly, for data privacy reasons I run a cookieless application, and any cookie is considered 'evil'. I know I could delete them with a little bit of javascript, but I don't even want them to be transmitted to the client.

The question is: How can I disable sticky sessions and those two cookies on my Azure website on server side?

Was it helpful?

Solution

Update

You can now turn it off in the portal in the Web App settings. You can also use the resource explorer as described in this blog post: https://blogs.msdn.microsoft.com/appserviceteam/2016/05/16/disable-session-affinity-cookie-arr-cookie-for-azure-web-apps/

Original

I know that this is an old question, but it seems that the Azure IIS ARR has been updated to version 3 and among other new features it has "Session affinity opt-out".

Ben Ari has a post about it here: http://blogs.technet.com/b/erezs_iis_blog/archive/2013/09/16/new-features-in-arr-application-request-routing-3-0.aspx

The short version is that you can add Arr-Disable-Session-Affinity: True to your response headers and sticky sessions will be disabled.

The easiest way is to add the header in the customHeaders node of the web.config file like so:

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Arr-Disable-Session-Affinity" value="True" />
      </customHeaders>
    </httpProtocol>
</system.webServer>

OTHER TIPS

You can't disable sticky sessions for Azure Web Sites. The ARR and sticky sessions are not for you or your app. These are the founding pillars of how Azure Web Sites work. Stickiness is to route requests to your farm (if you have more than one instance).

Check this video to get deeper understanding of Azure Web sites.

UPDATE

Since this answer was first posted there were a lot of updates to the Azure Web Sites Apps. One of them being the possibility to opt out of Affinity Cookie.

Check Geoff's answer for details!

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top