Reputation: 44663
forms authentication in a load balanced environment
I am currently working with integrating forms authentication in mvc4 application. Once a user is authenticated, an encrypted cookie is written to their PC.
My application will be installed on a load balanced environment where a user can hit any of the balanced web servers.
Question I have around encryption of cookies, will there be any issue if the cookie is encrypted on server A, and the next request the user makes is to server B and the cookie needs to be decrypted to proceed? Any problem regarding encrypting on one server and decrypting on the other?
Upvotes: 1
Views: 2227
Answers (2)
Reputation: 363
No problem at all. Just be sure that the cookies are for the whole domain (mysite.com.) to prevent problems if you have a structure like server1.mysite.com. After that, for sure, keeping in mind that keys are available to each server, you should have no problem.
Upvotes: 0
Related Questions
- Cookie Based Authentication
- Securing cookies in ASP.NET
- Cookie-based Forms Authentication Across MVC 5 and ASP.NET Core applications
- Does Forms Authentication work with Web Load Balancers?
- Securing the Forms Authentication Cookie when offloading SSL
- Cannot retrieve FormsAuthentication cookie when working in load balanced environment
- ASP.NET Forms Authentication on Load Balanced Servers
- Form Authentication Security
- Session and form cookie authorization
- ASP.NET MVC authentication cookie