ARRAffinity & ARRAffinitySameSite

ARRAffinity and ARRAffinitySameSite are cookies used by Azure App Services to ensure that requests from a user session are routed to the same instance of a web app in environments where there are multiple instances running. Here’s a breakdown of each:

  1. ARRAffinity: Azure sets this cookie as part of its Application Request Routing (ARR) feature to maintain session affinity. This is crucial in stateful applications where the user session state is stored locally on the web server. The ARRAffinity cookie provides sticky sessions, ensuring that subsequent requests from a session are directed to the same server instance.
  2. ARRAffinitySameSite: This is a variant of the ARRAffinity cookie that carries the SameSite attribute, which controls whether the cookie is sent in cross-site requests. This enhancement aims to improve security and prevent CSRF (Cross-Site Request Forgery) attacks. The SameSite attribute can be set to ‘None’, ‘Lax’, or ‘Strict’. For Azure, it typically defaults to ‘None’ with the Secure attribute if the website uses HTTPS, so the cookie is sent in all contexts, including cross-site requests, but only over secure connections.

These cookies are automatically applied by Azure when using App Services, and they play a key role in the scalability and reliability of applications hosted in Azure’s multi-instance environments.
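
To check what a given app actually sends, the following added example (not from the original post and not Azure's own code) parses Set-Cookie header values and reports the SameSite, Secure and HttpOnly attributes of the two affinity cookies. The function names are hypothetical, and the sample headers, domain and cookie values are constructed placeholders.

```python
# Added example: audit the attributes of the Azure App Service affinity cookies.
AFFINITY_COOKIES = {"ARRAffinity", "ARRAffinitySameSite"}

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def audit_affinity_cookies(set_cookie_headers):
    """Return {cookie_name: [findings]} for the affinity cookies only."""
    report = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name not in AFFINITY_COOKIES:
            continue  # application cookies are out of scope here
        findings = []
        samesite = attrs.get("samesite")
        if samesite is None:
            findings.append("no SameSite attribute (browser default applies)")
        elif samesite.lower() == "none":
            findings.append("SameSite=None: sent on cross-site requests")
            if "secure" not in attrs:
                findings.append("SameSite=None without Secure: rejected by modern browsers")
        if "secure" not in attrs:
            findings.append("missing Secure: may be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: readable from script")
        report[name] = findings
    return report

# Constructed sample headers (values are placeholders, not real instance ids).
SAMPLE_HEADERS = [
    "ARRAffinity=0123abcd;Path=/;HttpOnly;Secure;Domain=app.example.net",
    "ARRAffinitySameSite=0123abcd;Path=/;HttpOnly;SameSite=None;Secure;Domain=app.example.net",
    "session=xyz; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for cookie, findings in audit_affinity_cookies(SAMPLE_HEADERS).items():
        print(cookie, findings or ["ok"])
```

Feed it the Set-Cookie values captured from a response of the app under review. A SameSite=None finding on ARRAffinitySameSite means the affinity cookie itself places no restriction on cross-site requests.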

