F5 Load Balancer- ASPXAuth Cookie

Question

Can somebody explain what ASPXAuth cookie does?

My website uses forms auth and I am trying to create a load balancer (hardware) rule which will keep track of sessions based on the aspxauth cookie. Is it safe assume that the value of the cookie is unique?

Thanks.

all you're pages are protected by authentication? – Claudio Redi Apr 19 '10 at 19:27 — Claudio Redi, Apr 19 '10 at 19:27
95% of the pages are protected. – Emon Apr 19 '10 at 20:39 — Emon, Apr 19 '10 at 20:39

score 3 · Accepted Answer · answered Apr 19 '10 at 19:23

3

The easiest way to get authentication working in a load balanced environment is to enable sticky sessions. This places an extra cookie to all outgoing responses, such that subsequent requests will contain that cookie and the F5 will recognize the user session between page views and ensure they are routed to the same web server. The web server will not know any different.

answered Apr 19 '10 at 19:23

spoulson

21,335
15
77
102

Nice, thanks for the direction. Just to clarify, we only need to change some configuration from the LB and that will create the stick sessions? – Emon Apr 19 '10 at 20:42
Precisely correct. We use F5 BigIP boxes where I work and they're really powerful (and expensive) machines. – spoulson Apr 20 '10 at 01:05

score 1 · Answer 2 · answered Apr 19 '10 at 19:11

1

The value of this cookie represents the encrypted username of the currently authenticated user. More about Forms Authentication in this article on MSDN.

answered Apr 19 '10 at 19:11

Darin Dimitrov

1,023,142
271
3,287
2,928

F5 Load Balancer- ASPXAuth Cookie

2 Answers2