MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Front Door - Session Affinity #60794

Closed KeithDarragh1 closed 2 years ago

KeithDarragh1 commented 4 years ago

This section about session affinity needs a major rewrite.

Public proxies may interfere with session affinity. This is because establishing a session requires Front Door to add a session affinity cookie to the response, which cannot be done if the response is cacheable as it would disrupt the cookies of other clients requesting the same resource. To protect against this, session affinity will not be established if the backend sends a cacheable response when this is attempted. If the session has already been established, it does not matter if the response from the backend is cacheable. Session affinity will be established in the following circumstances, unless the response has an HTTP 304 status code:

- The response has specific values set for the Cache-Control header that prevents caching, such as "private" or "no-store".
- The response contains an Authorization header that has not expired.
- The response has an HTTP 302 status code.

I have had a support case open since May 29, which I have only resolved today. Firstly, it should be made clear what the cookies used for Front Door Session Affinity are called i.e. ASLBSA & ASLBSACORS. Microsoft support and I have been looking at the ARRAffinity cookie which was a complete waste of time.

Secondly, the response header must include 'cache-control: no-store'.

Thirdly, the statement 'Session affinity will be established in the following circumstances, unless the response has an HTTP 304 status code:' is confused by the 'HTTP 304 status code' part. The line 'The response contains an Authorization header that has not expired.' is also incorrect, as the header does not require an Authorization header. It should say if an Authorization header is included, it must not be expired.

If session affinity is enabled on Front Door, perhaps a header should be required in the response indicating why it was not possible to return the ASLBSA & ASLBSACORS cookies.

Thank you Keith
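A diagnostic sketch for the conditions quoted in the comment above, as an added example that is not part of the thread and not Microsoft's code: it checks a captured response against the quoted conditions and looks for the ASLBSA and ASLBSACORS cookies rather than ARRAffinity. The names `diagnose` and `header_values` are hypothetical, the sample responses are constructed, and the rules are taken from the quoted text rather than from Front Door's actual implementation.

```python
# Added example, not Microsoft's code. Rules are the conditions quoted in this issue.
AFFINITY_COOKIES = ("ASLBSA", "ASLBSACORS")   # cookie names given in the issue
NON_CACHEABLE = {"private", "no-store"}        # Cache-Control values the quoted text lists


def header_values(headers, wanted):
    """All values for one header name (case-insensitive) from (name, value) pairs."""
    return [v for n, v in headers if n.lower() == wanted]


def diagnose(status, headers):
    """Check one response, captured for a request sent WITHOUT affinity cookies."""
    directives = set()
    for value in header_values(headers, "cache-control"):
        directives.update(p.strip().split("=", 1)[0].lower() for p in value.split(","))
    reasons = []
    if directives & NON_CACHEABLE:
        reasons.append("Cache-Control: " + ", ".join(sorted(directives & NON_CACHEABLE)))
    if header_values(headers, "authorization"):
        reasons.append("Authorization header present (expiry not checked here)")
    if status == 302:
        reasons.append("HTTP 302")
    if status == 304:                      # excluded by the quoted text
        reasons = []
    cookies = sorted({v.split("=", 1)[0].strip()
                      for v in header_values(headers, "set-cookie")}
                     & set(AFFINITY_COOKIES))
    return {"eligible": bool(reasons), "reasons": reasons, "cookies": cookies,
            "expected_but_missing": bool(reasons) and not cookies}


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "cacheable": (200, [("Cache-Control", "public, max-age=3600")]),
    "no_store": (200, [("cache-control", "no-store"),
                       ("Set-Cookie", "ASLBSA=constructed; Path=/"),
                       ("Set-Cookie", "ASLBSACORS=constructed; Path=/; SameSite=None")]),
    "not_modified": (304, [("Cache-Control", "no-store")]),
    "wrong_cookie": (302, [("Location", "/login"),
                           ("Set-Cookie", "ARRAffinity=constructed; Path=/")]),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, diagnose(status, headers))
```

The `expected_but_missing` flag is only meaningful for a first request: the quoted text says cacheability no longer matters once a session is established.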



TravisCragg-MSFT commented 4 years ago

@KeithDarragh1 Can you provide the Support Request # (SR#) for the support request you are referring to?

Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.

KeithDarragh1 commented 4 years ago

The support request ID is 120052924005311

The engineers thought the Front Door session affinity cookie was the ARRAffinity, but it is not.

duongau commented 3 years ago

reassign: jessie-jyy

duongau commented 2 years ago

reassign: duongau

duongau commented 2 years ago

@KeithDarragh1 Thank you for your suggestions on this section of the article. I have made the following updates to it in this PR: https://github.com/MicrosoftDocs/azure-docs-pr/pull/201376. Please feel free to comment back if you would like me to include anything else. For now I will be archiving this issue. Cheers! #please-close