7

I have two identical applications setup on IIS on different virtual directories (I have done some workaround to ensure that they both have the same application name). Is there a way to share session id across two asp.net web applications?

Since I'm storing the session in StateServer, they should both be getting the same session data, however, a different session id is created everytime I go from application a to applicatino b. Wouldn't this happen in a load balancing scenario as well? Where when I go to www.test.com, it would redirect that request to server a, and then if I hit it again, it would go to server b, but since it's a different web application, it would create a new session id?

Saturn K
  • 2,705
  • 4
  • 26
  • 38
  • Just throw it in a database. You're bending over backwards to accommodate limitations of the session. – 3Dave Jul 09 '10 at 19:55
  • The database would have the same issue unless I apply a workaround. Since it's two different applications in the DB, it would have 2 separate sessions. – Saturn K Jul 09 '10 at 21:38
  • You misunderstand my suggestion. Instead of using the session *at all*,place whatever persistent data you require in a common database. Sessions, and cookies, are engineered to keep applications from stepping on each other, which requires isolation. This is one of the many things that databases are good for. – 3Dave Jul 10 '10 at 05:59

3 Answers3

7

First, configure the sessionState element in your web.config to use cookieName="SOME_COOKIE_NAME_HERE" in both apps.

Then, just make sure the urls have the same TLD (top-level domain), i.e. app1.mydomain.com and app2.mydomain.com and you should be able to handle the Session_Start event in Global.asax and put this code:

    HttpCookie cookie = new HttpCookie("SOME_COOKIE_NAME_HERE", Session.SessionID.ToString());
    cookie.Expires = DateTime.Now.AddMinutes(20);
    cookie.Domain = "*.mydomain.com";
    cookie.HttpOnly = true;
    Response.SetCookie(cookie);

Also, I would recommend that you go with the SqlServer SessionState Mode.

matt-dot-net
  • 4,204
  • 21
  • 24
  • Interesting. After applying this change, I get a new session id per request. Here's my Global.asax code: void Session_Start(object sender, EventArgs e) { HttpCookie cookie = new HttpCookie("SessionCookie", Session.SessionID.ToString()); cookie.Expires = DateTime.Now.AddMinutes(20); cookie.Domain = "*.keivantest.com"; cookie.HttpOnly = true; Response.SetCookie(cookie); } Here's my web.config configuration: – Saturn K Jul 09 '10 at 21:35
  • Also, after that cookie name is set in Application A, the next time I go to Application B, its session_start fires and overrides "SessionCookie" with its own session id – Saturn K Jul 09 '10 at 22:22
  • Hmm.. i wouldn't expect the Session_Start to fire in Application B. I suggest watching the traffic (fiddler, et al) to make sure that you are sending the cookie from App A over to App B. i notice your state server is localhost - are both machines reaching THE SAME state server? – matt-dot-net Jul 10 '10 at 01:07
  • 1
    Change the domain from *.domain.com to domain.com and it started working. – Saturn K Jul 12 '10 at 16:34
1

Initially i faced the same issue. What I did is, I overide the jsession id from each domain. I mean, If the user lands on domain1.com, set the same session id for domain2.com from iframe. and vice versa. With this, you can maintain same session across multiple domains.

You need to test the impact over multiple server over network with load balancer.

Manjunath Jakkandi
  • 11
  • 1
-1

Is your goal to share the session state between 2 applications, not just the session ID? I believe the StateServer also uses the application path as well as the SessionID to store the data so even if the SessionID's were the same you still wouldn't be able to share the data. You might have to write your own session module.

Load balancing web apps don't have this problem because the application path is the same across cluster members.

David
  • 34,223
  • 3
  • 62
  • 80