Sticky session on WebRole hosted in Windows Azure platform


  • Hi,

    I have the following situation

    A web application created, assigned as web role to Windows Azure project. This web role on Azure project will have 2 instances.

    The web role is a custom STS (Security Token Service) application that handles normal form login and 2 social network login (Facebook and Twitter).

    The STS application uses a lot of Session in the application and several web pages in the STS application.


    HttpContext.Current.Session["ClientUrl"] = Request.Url.ToString();


    I published the Azure package to my subscription and got the 2 instances running.

    Whenever I try login (form login) and Facebook/Twitter login, there is a possibility that they login will not work due to having 2 instances. Sometimes it work fine, sometimes it doesn't.

    I had tried having 1 instance of the web role and I never face the problem above.

    Now, I suspect it is because Instance_0 handles the first page request and submit the login credential to a web service (web service not hosted on Azure platform, it is on company premise), the web service checks the login credential and sends back data STS app to say whether login is authenticated or otherwise, which I think it is Instance_1 that handles the request, so it doesn't how to proceed on since there are session being used to further proceed on with authenticated user.

    I had tried out the WIF training kit from this link

    But it didn't help much since my case is not publishing WCF onto Azure platform.

    I also gone through a few other sites like and

    The Auzre AppFabric is not within my scope of the project to work on the sticky session solution, also having extra Database to store the session data is out of the option as it involves as extra calls to the database which has heavy traffic most of the time.


    The example codes provided by one jdanyow from Stackoverflow (link above), somehow it make sense but I don't know how to get it work.

    I only uses part of the codes which I added the following into the Global.asax code (C#)


    private void OnServiceConfigurationCreated(object sender, ServiceConfigurationCreatedEventArgs e)
                var sessionTransforms = new List<CookieTransform>(new CookieTransform[]
                    new DeflateCookieTransform(),
                    new RsaEncryptionCookieTransform(
                    new RsaSignatureCookieTransform(
                var sessionHandler = new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly());
    private void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
       FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    void Application_Start(object sender, EventArgs e)
       FederatedAuthentication.ServiceConfigurationCreated += this.OnServiceConfigurationCreated; 

    Despite I added this, I still don't see how this helps.

    Please enlighten me on what to do.

    Thanks in advance.

    Tuesday, November 15, 2011 4:13 AM


All replies

  • If you'd like to continue down the path of Sticky Sessions and ensure affinity between post backs follow this link and visit the first two sites

    Alternatively, you could implement the Windows Azure AppFabric Cache Session state provider. Windows Azure Cache will distribute the session in a cache node which can be accessed by either instance of your application and the variables will be accessible as it's safely storaged in a shared resource.

    Cory Fowler Windows Azure MVP
    Tuesday, November 15, 2011 4:23 AM
  • Hi SyntaxC4,


    The first link you provided is helpful, although I did not managed to get it implement. But thank you for your effort in replying to my thread.

    Friday, November 18, 2011 8:20 AM