IIS 7 and Above
Application Request Routing (ARR)
Intercepting ARR client affinity cookie
Last post Dec 09, 2009 12:53 PM by Mark S. Rasmussen
Nov 18, 2009 01:20 PM|Mark S. Rasmussen|LINK
We've got a Flash file upload feature in our application, using swfupload. There's a bug in the Flash player that causes it to always send the IE cookies, no matter the current browser -
This has caused us issues in the past since our session / forms authentication cookies were suddenly gone / errant if the user used Chrome/Firefox. I've previously fixed this issue by sending the cookie contents in the QueryString and then setting the cookie
values in Application_BeginRequest so they have their correct values before ASP.NET wires up the session and authentcation.
I've run into a new variant of this bug, since we're now load balancing our app across three content servers using ARR. The previous fix still works, but the issue also affects the ARR client affinity cookie. Basically the user will be assigned to SERVER1
while browing in Firefox, but when the upload is made the client affinity cookie from IE will be sent, or a new will be assigned if the user has no client affinity cookie in IE. As a result, the user will receive the upload formula from SERVER1 but SERVER1-3
may receive the post - and that server has no knowledge of the user session.
I'm thinking of sending the ARR cookie value in the querystring as well. Then I'd implement an HttpModule that read the querystring value and set the cookie value in Application_BeginRequest. By installing this HttpModule on the IIS ARR load balancer and
ordering it about the RequestRouting module, my theory is I can manipulate the cookie before ARR reads it. I've done some testing without luck, but I've not exhaustively tested it yet.
Any suggestions / comments on how to manipulate the ARR client affinity cookie before ARR reads it and redirects the request?
Mark S. Rasmussen
Nov 18, 2009 08:13 PM|anilr|LINK
As long as you set the cookie before OnMapRequestHandler, ARR will pick it up and use it - note that you may need to to set the cookie header directly rather than using the HttpContext.Cookies collection - also since the header value contains multiple cookies,
be sure to not overwrite other cookies.
Nov 20, 2009 03:54 PM|Mark S. Rasmussen|LINK
Hi, thanks for the reply.
I'm still having some issues implementing the module. I've made a simple module that should set the cookie value. The module is installed into the GAC and added to the IIS level Modules section as a Managed module. However, it does not seem to be invoked.
If I turn off "Invoke only for ASP.NET/Managed handlers" then I immediately get the following error for all requests:
The virtual path 'null' maps to another application, which is not allowed root
I've been unable to find any usable explanation for the above error, especially with a 'null' path.
Thus right now my issue is not getting the code to work, but for it to be invoked during the request lifecycle.
Any tips are most appreciated.
Nov 20, 2009 06:05 PM|anilr|LINK
The "virtual path null" error is an IIS bug that is fixed in ws08r2 - a workaround for this bug would be to move your ARR rewrite rules from globalRules to per site rules.
Dec 09, 2009 12:53 PM|Mark S. Rasmussen|LINK
Thanks for your help Anil!
I've blogged about the fix in case anyone else runs into the same issue: