6

So I set up SQL Server Session State using SQL Server 2008 and the temp database and today I decided to look into the data in the tables only to find this in the ASPStateTempApplications table:

AppId AppName
538231025 /lm/w3svc/1/root
611758131 /lm/w3svc/3/root
802488340 /lm/w3svc/4/root
-940085065 /lm/w3svc/4/root/webapp
685293685 /lm/w3svc/5/root
1210055478 /lm/w3svc/5/root/webapp

We have 2 load balanced web servers.

When I look into the ids of the web apps of both servers I see that web1 has app1 with id 4 and web2 has app1 with id 5. The same thing happens with the other app. web1 has app2 with id of 1 and web2 has app2 with id of 3.

My common sense tells me that the web servers are not sharing sessions as the session id uses the appid. Am I correct? If so why isn't this minor detailed not so obvious in the documentation? Should I make the ids match on both web servers?

Jonas Stawski
  • 6,682
  • 6
  • 61
  • 106

1 Answers1

6

The AppId is used during the creation of the SessionId, to help avoid collisions from one app to another. It's created by computing a hash of the IIS app path.

In your environment, the flow might be something like this:

  1. Server A creates a session ID, sets it in a cookie, and stores some data in the corresponding session (a row in ASPStateTempSessions). The session ID column is created by concatenating the session ID with the AppID.
  2. Server B receives a request with a pre-existing session ID, and uses it to find the associated session data from the ASPStateTempSessions table. If the app ID is different, the generated key will also be different.

The net effect of having multiple servers with different AppIds that are sharing the same sessions is that IDs created by one server won't collide with those from another server, and machines with different AppIds won't see each other's sessions.

RickNZ
  • 18,448
  • 3
  • 51
  • 66
  • According to this article: http://msdn.microsoft.com/en-us/library/aa478952.aspx the sessionid of the ASPStasteTempSessions table is the Session ID + application ID. How sure are you that ASP.NET changes the session ID of the context and uses it accross servers? – Jonas Stawski Dec 01 '09 at 14:38
  • I've just verified with Fiddler and SSMS that the AppId is indeed concatenated onto the end of the session ID as the key in the ASPStateTempSessions table. I've updated my answer accordingly. – RickNZ Dec 01 '09 at 15:06
  • In other words, my assumptions are right and I should make sure that the app ids are the same accross the entire web farm for the same app – Jonas Stawski Dec 01 '09 at 15:54
  • Yes, although an alternative would be to modify the TempGetAppID stored procedure to always return the same value, instead of hashing the app name, etc. – RickNZ Dec 01 '09 at 22:21
  • I've matched the IDs of all the web apps in both web servers, I will report if i see any unusual behavior – Jonas Stawski Dec 02 '09 at 11:05
  • @Jonas Stawski if you do not mind to tell me how can make the two applications have the same appId – Mhmd Feb 07 '12 at 12:41
  • 2
    @BMTU I did so in IIS 7. Right click on the website - Managed Website - Advanced Settings. Change the ID property to match on all webservers. – Jonas Stawski Feb 07 '12 at 15:28
  • @Jonas Stawski, Thanks for reply, also i found placing code in appplicatio_start in global.ascx to change appid to customizable name better for me, because i am developing my app as a web farm but still in same server and will splitted to different ervers according traffic, thanks again your answer guided me well :) – Mhmd Feb 26 '12 at 10:00
  • Why there is no `ID` in my IIS7 Advanced Settings? Is there any set up I missed? – Blaise Feb 02 '17 at 19:14