Testing in production with custom domains and Azure Front Door

Question

Hi there,

We're having issues with testing in production using traffic routing and a stage slot. The main problem is that the cookies x-ms-routing-name, ARRAffinity, ARRAffinitySameSite and TiPMix don't get set due to being blocked because the cookie domain doesn't match the current host (custom domain set in Front Door).

The question is, how can we configure those cookies to use the domain as opposed to the app service/slot domain?

Thanks

Answer 1

Hi @German Diaz de Rada

When backend app services do not have the same custom domain as AFD (Azure Font door), App service session cookies are not passed back to the browser. Therefore session affinity is broken.

There is a workaround that involves pointing the custom domain used in AFD to the app services and register the domain.

• Open app service--> Under Settings --> Custom Domain
• Add Custom Domain --> Enter the custom domain name
• Get the TXT value and create TXT record in your Domain Ex: www.contoso.com Host (asuid.www) Value (Custom Domain Verification ID)
• Once the record is created click on validate to complete the Domain ownership verification.

Ref: https://learn.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-custom-domain?tabs=cname

Hope this was helpful. Please let us know in case of any additional questions or concerns.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well

Answer 2

We had a similar problem that was fixed by adjusting the Origin host header on the Front Door origin group to be the custom domain rather than the app service domain. Likely the backend App Service would have to have the same Custom Domain bound (as @RaviVarmanMSFT mentions)