ASPX Anonymous Cookies broken when Machine Key Changed

My company recently got hit with a traffic spike, so we tried to fire up additional EC2 instances to handle the load. Unfortunately, this caused users problems with cookies (i.e. site kept asking for login even after you supplied credentials). We think this is because we had neglected to set the Machine Key in our Web.config file (the Web.config files on each load balanced machine are otherwise identical).

We're now in the position where we don't want to set a new Machine Key value in Web.config, because that will log out all of our anonymous users, who may have already added items to their cart, etc. But we also want to support scaling.

So, questions:

1. Is our assumption correct that the Machine Key is the culprit for user's needing new cookies?
2. Is there any way of determining the current or default Machine Key that is being used so that we can copy it to the other load balanced servers?
3. Failing 2, is there a way to set a new Machine Key without开发者_StackOverflow中文版 losing our anonymous user's data?

You didn't mention what method of authentiation you are using, but if it's forms authentication, then yes - your machine keys need to match across all servers in your farm. You should also make sure that all of your machines are equally patched as there have been several patches (specifically the asp.net security vulnerabilty updates) that update the cryptography bits.

If you're using the default configuration, the machine key is likey set to AutoGenerate. As far as I know, there is no simple way to reveal what the autogenerated machine key is set to. However, since you have access to your exising server, you can probably find it via a little reflection code as illustrated here:

http://aspnetresources.com/blog/how_to_read_auto_generated_machinekey