![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 97%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
Hello Ellis Smith,
Greetings! Thanks for raising this question in Q&A forum.
This is a great catch! The root cause here is a behavioral difference between AGIC (Application Gateway Ingress Controller) and AGC (Application Gateway for Containers). When AGIC sets the session affinity cookie, it explicitly includes a Path=/ attribute, which tells the browser to scope the cookie to the root path. AGC, on the other hand, currently omits the Path attribute entirely so the browser makes its own decision about which path to attach the cookie to, based on the request URL. This leads to multiple duplicate (or conflicting) affinity cookies being stored, one per unique path the user visits, which can break sticky sessions.
Here's what you can do to work around this right now:
Check your AGC routing rules — Go to your Application Gateway for Containers configuration and review the HTTPRoute or routing rules you have defined for the affected backend.
Verify the cookie behavior in your browser — Open DevTools (F12) → Application → Cookies and confirm you are seeing multiple AGCAffinity cookies with different paths. This confirms the issue is the missing Path attribute.
Use a custom response header rewrite (if supported) — If your AGC version supports header/cookie rewrite rules, add a rewrite rule to append ; Path=/ to the AGCAffinity cookie in the response. This forces the browser to treat it as a root-scoped cookie, just like AGIC did.
If rewrites are not available, add an ingress-layer workaround — Place a reverse proxy (like NGINX) in front, or use a middleware in your application, to rewrite the Set-Cookie header and inject Path=/ before it reaches the client.
Raise a support ticket with Microsoft — Since this is a regression from AGIC behavior, it is worth filing a bug or support request via the Azure Portal so the AGC team can track and fix this officially. You can also open a GitHub issue on the Azure/application-gateway-kubernetes-ingress repo referencing this regression.
Keep an eye on AGC release notes — Microsoft may patch this in an upcoming AGC release. Monitor the AGC changelog for any fix related to affinity cookie path handling.
In the meantime, the rewrite rule or middleware approach (step 3 or 4) is your most reliable short-term fix to prevent cookie proliferation and keep sessions sticky correctly.
If this answer helps you kindly accept the answer which will help others who have similar questions.
Best Regards,
Jerald Felix.