I have a simple ASP.NET webapp with authentication enabled via Cookies. It will be deployed in Azure ContainerApp. I want to know if I need to configure Data Protection in order to keep the app stable in case of container restarting or multiple revisions are up. To test that. I have done the following:
- Deployed the app (with no Data protection configuration) and made two active revisions. One of them has 100% traffic.
- Navigated to the app and authenticated and stayed in the landing page.
- Switched the traffic to the second revision.
- Refreshed the page in the browser while monitoring Network traffic.
I expected to see some auth error when calling protected actions, but it just worked as usual!
Can anyone explain why it worked? And, if that's expected, do I need to configure DataProtection at all in my app?