We have a collection of .NET sites which are hosted on two effectively identical webservers, with a simple load balancer splitting requests between the two. Everything was working fine until we had a hardware failure on one server and replaced it. Now, we're having session problems as people are being logged out of the applications whenever the load balancer switches the server they're connecting to.
Applications on both servers are configured to use SQLServer for session state, and have identical machineKey and sessionState values in web.config. e.g:
<configuration>
<system.web>
<machineKey validationKey="..." decryptionKey="..." validation="SHA1" decryption="AES" />
<sessionState mode="SQLServer" stateNetworkTimeout="30" stateConnectionString="..." allowCustomSqlDatabase="true" sqlConnectionString="..." cookieless="false" timeout="1441" />
</system.web>
</configuration>
The paired applications are also setup identically in IIS as far as I can tell: same URL, same application pool name, even same path on disk.
However, a request to the same site on each server (by IP) creates two unique SessionID values (with the same cookie name in the browser).
Is there something else I should be setting/checking to generate matching Session IDs on both servers?
