Hi LCS thanks for the question
Lets map out an example quickly
I have a website for contoso partners called "https://partner.contoso.com", using public DNS I point "partner.contoso.com" to my Application Gateway running in Azure.
Lets assume I want the App Gateway for the WAF feature (It might also be I want to request route too)
Behind the App Gateway I have an App Service actually hosting the website for "partner.contoso.com" - it's default name is "partnercontoso.azurewebsites.net". Probably this is via a private endpoint (but it doesn't matter for this example)
My partner website is not stateless so i need to ensure that once the client lands on the site they always go back to the same instance.
In this scenario enabling session affinity at App Service is enough. Why?
Because App Service is a two tier architecture all requests to "partnercontoso.azurewebsites.net" are going to hit the app service "front end" - this will decide which instance (worker VM) to relay the client request and the session cookie is required here. And it's for this reason the session setting on App Gateway doesnt make sense. The "app service front end" abstracts the backend pool, app service backend configured in the App gateway is in effect another load balancer.
This question has been blogged here https://techcommunity.microsoft.com/t5/apps-on-azure-blog/configure-arraffinity-cookie-when-accessing-azure-app-service/ba-p/3842511