apologies for the verbose title. We want our apps to share Session State. Here's the deal:
- apps x.pe.com and y.pe.com are using ASP.NET Session State Provider for Redis (aka RedisSessionStateProvider)
- user logs into x.pe.com, which does some calculations and writes
Session["UserStats"] = 23;(or whatever) to Redis. All good so far. - user then hits a page served by y.pe.com. Because both apps issue cookies with a domain of ".pe.com", the cookies from x.pe.com are sent along with the request to y.pe.com.
- hence the user is authorised on y.pe.com. Great.
- y.pe.com calls
var userStats = Session["UserStats"];and this is where the problem is.
I poked around in redis and saw that the names of the keys being stored by x.pe.com are of the ilk PE_usxuattjkpn1j4kprgnmthu3_Data. Naturally this key will be known to x.pe.com but not y.pe.com so I strongly suspect that after var userStats = Session["UserStats"]; , userStats will be null.
Two options seem to avail:
- Share session state across apps using ASP.NET_SessionId
- use machine key so that (somehow) the two ASP.NET runtimes share session state
Which is "best"? I'm leaning towards getting 1. working since it "should just work" and is simple to understand.
Many thanks.
