Tags: .net, openid, load-balancing, dotnetopenauth, web-farm

Is the DotNetOpenAuth in-memory store sufficient for web farms with a load balancer that has sticky sessions?


I am implementing DotNetOpenAuth as a Relying Party in a web farm environment. Is the default in-memory store sufficient for environments with sticky sessions? I have read a few posts alluding that it does work here and here, but I don't have enough knowledge of load balancing and OpenID to know for sure.

I understand it may not be ideal and that I should either run in "dumb" mode or implement my own store.

Thanks,


Solution

  • No, sticky sessions are not enough to permit the use of the in-memory store, because the store has data that must be available to multiple client parties (nonces, most particularly, in order to mitigate replay attacks).
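The point in the answer above, as an added example that is not part of the original answer and is not DotNetOpenAuth code: a two-node simulation in which a replayed assertion arrives from a different client and is therefore routed to a different node than the original login. `NonceStore`, `Node` and `Demo` are hypothetical names, and the nonce and timestamps are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical nonce store for illustration; not DotNetOpenAuth's API.
sealed class NonceStore
{
    private readonly Dictionary<string, DateTime> seen = new Dictionary<string, DateTime>();
    private readonly TimeSpan maxAge;
    public NonceStore(TimeSpan maxAge) { this.maxAge = maxAge; }
    // True only if the nonce is fresh and has not been recorded before.
    public bool TryRecord(string nonce, DateTime issuedUtc, DateTime nowUtc)
    {
        if (nowUtc - issuedUtc > maxAge) return false;   // too old to track safely: reject
        lock (seen)
        {
            if (seen.ContainsKey(nonce)) return false;   // already used: replay
            seen[nonce] = issuedUtc;
            return true;
        }
    }
}

// One web-farm node; it accepts an assertion only if its store has not seen the nonce.
sealed class Node
{
    private readonly NonceStore store;
    public Node(NonceStore store) { this.store = store; }
    public bool Accept(string n, DateTime issuedUtc, DateTime nowUtc) => store.TryRecord(n, issuedUtc, nowUtc);
}

static class Demo
{
    static void Run(string label, Node a, Node b)
    {
        var issued = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed sample
        var now = issued.AddSeconds(30);
        const string nonce = "constructed-nonce-1";
        bool first = a.Accept(nonce, issued, now);   // original login, pinned to node A
        bool replay = b.Accept(nonce, issued, now);  // same assertion, other client, routed to node B
        Console.WriteLine($"{label}: first accepted={first}, replay accepted={replay}");
    }

    static void Main()
    {
        var age = TimeSpan.FromMinutes(5);
        Run("per-node memory", new Node(new NonceStore(age)), new Node(new NonceStore(age)));
        var shared = new NonceStore(age);   // stands in for a database-backed store
        Run("shared store", new Node(shared), new Node(shared));
    }
}
```

Sticky sessions pin one client to one node, so they say nothing about where a second client presenting the same assertion lands; only the shared store lets node B see what node A recorded.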