Wednesday, September 21, 2011

Anonymous identification in webfarm scenarios

One of our customers has anonymous identification enabled for their website and stores some vital information in the resulting cookie. As we tested our latest deploy, which included separating the website over several different servers and subdomains, we noticed that the cookie information was not retained as you navigated between the subdomains.

The cookie was set at subdomain 1 and kept as long as you stayed on that subdomain, but the moment you switched over to another subdomain, the cookie was overwritten.

The explanation turned out to be extremely simple. We had a couple of new machines installed, and their machine-key configurations differed slightly. You need to make sure that each server shares the same value for validationKey and decryptionKey, as these values are used to encrypt and decrypt the cookie. You can read more on the topic here.
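A check like this one catches the drift before a deploy. It is an added example, not code from our project: it compares the `machineKey` values of each server's web.config by fingerprint, so the keys themselves are never printed. The server names, the sample configs and the placeholder key values are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

KEYS = ("validationKey", "decryptionKey")   # attributes named in the post
DEFAULT = "AutoGenerate,IsolateApps"        # ASP.NET default when unset

def machine_key(web_config_xml):
    """Return the <machineKey> attributes from one web.config ({} if absent)."""
    node = ET.fromstring(web_config_xml).find("system.web/machineKey")
    return dict(node.attrib) if node is not None else {}

def fingerprint(value):
    """Short SHA-256 prefix: lets keys be compared without printing them."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]

def audit(configs):
    """configs: server name -> web.config text. Returns a list of findings."""
    findings = []
    for name in KEYS:
        groups = {}  # fingerprint -> servers holding that value
        for server, text in sorted(configs.items()):
            value = machine_key(text).get(name, DEFAULT)
            if value.startswith("AutoGenerate"):
                findings.append(f"{server}: {name} is auto-generated per machine")
            else:
                groups.setdefault(fingerprint(value), []).append(server)
        if len(groups) > 1:
            detail = "; ".join(f"{fp}: {', '.join(s)}" for fp, s in groups.items())
            findings.append(f"{name} differs across servers ({detail})")
    return findings

def sample_config(validation_key, decryption_key):
    # Constructed sample web.config; the key values are placeholders, not real keys.
    return (f'<configuration><system.web><machineKey validationKey="{validation_key}" '
            f'decryptionKey="{decryption_key}" /></system.web></configuration>')

SAMPLE = {  # constructed three-server farm
    "web1": sample_config("A" * 128, "B" * 48),
    "web2": sample_config("A" * 128, "C" * 48),   # decryptionKey drifted
    "web3": "<configuration><system.web /></configuration>",  # no machineKey
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

An empty result means every server carries the same explicit keys; any finding means cookies issued by one server may be rejected by another.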