How to configure session cookie by Azure Load balancer or Azure Application gateway when source ip address changes ?

Hanh Trinh 86 Reputation points
2025-06-05T08:12:27.0366667+00:00

How to configure session cookies with Azure Load balancer or Azure application gateway when source ip address change randomly ?

The diagram is designing as below :

Client -> Cloudflare -> Azure load balancer -> F5 Big IP -> Web VMs.

The problem is Cloudflare IP ranges change randomly, users are getting logged out after navigating between pages, while Azure Load balancer supports Session persistence : NONE, Client IP and Client IP and protocol.

Azure load balancer load balance two F5 Big IP VMs, which then load balance to Web VMs.

In other hand, F5 Big IP VMs are stand alone and do not synchronize with each other.

Each F5 VM has its own IP address, which is used as the target for Azure LB load balancing.

Looking for ward to your advices.

Thanks !

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,213 questions
{count} votes

Accepted answer
  1. Ganesh Patapati 6,915 Reputation points Microsoft External Staff Moderator
    2025-06-05T11:53:25.7133333+00:00

    Hello Hanh Trinh

    Session persistence is breaking due to Cloudflare’s changing source IP addresses. Since Azure Load Balancer supports only Client IP-based session persistence, but Cloudflare masks client IPs, you're facing session drops.

    Possible Solutions to Maintain Session Persistence:

    1. Configure Azure Application Gateway (Instead of ALB)

    Azure Application Gateway supports cookie-based session affinity, which ensures user sessions remain intact even if the source IP changes.

    Enable session affinity cookies by setting Affinity Mode: Enabled.

    1. Use Cloudflare’s Header for Originating IP

    Cloudflare provides headers like CF-Connecting-IP that preserve the original client IP.

    You can configure your Azure Load Balancer or F5 BIG-IP to read and persist sessions based on this header.

    1. Implement F5 BIG-IP Sticky Sessions

    Since F5 BIG-IP devices are standalone and do not sync, configuring session persistence within each F5 may help:

    Enable Sticky Sessions (Persistence Profiles) on F5 BIG-IP.


    I hope this has been helpful!

    If above is unclear and/or you are unsure about something add a comment below.

    If the response was helpful, please feel free to mark it as “Accepted Answer” and consider giving it an upvote. This helps others in the community as well.Accepted answer


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.