1

I have a solution with two projects in it. One project holds a number of WCF services that handle the data-access layer for my application - a service to deal with Building data, another for Room data, another for user data, etc. The other project is the actual application that consumes those services. When I deploy these two projects to the server, I deploy them as two separate applications, in separate folders, under the same site.

When the user logs into the application, I set a session variable with information about the user (rooms they "own", and favorite rooms, buildings, and calendars). So, any page within my application can see that information.

My problem is that my services cannot see that session variable. I have read a number of SO answers, and I gather that being that I have my services as a separate application, they use a different session, so I cannot expect them to see that session variable. I also gather that I have to use ASP.NET compatibility mode to cause the services to maintain a session, so I painted my service classes with the relevant attribute

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

And made sure my config already had this mode enabled

<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>

And in my user data service, I added a method so that the front end application could pass this user information for the logged in user to the service, as well as a static property that stores the information in a session variable.

    public void SetCurrentUser(User thisUser) {
        CurrentUser = thisUser;
    }

    public static User CurrentUser
    {
        get
        {
            return (User) HttpContext.Current.Session["CurrentUser"];
        }
        set
        {
            HttpContext.Current.Session["CurrentUser"] = value;
        }
    }

When the user logs in, the front end application stores the relevant information in its own session variable, and also calls this method to tell the user data service to store it in its session variable (since I could not get the user service to see the session variables from the front end app). From the user service, I can then see that property all day long. Across multiple requests from the front end application to the user data service, the service appears to maintain the same session, preserving that information.

My problem is that when I try to access that from any of the other services within the data services application/project, I get zilch, nada, or more correctly - null. In my buildings data service, as a test, I put a simple statement that says

Room[] CurrentUserOwnedRooms = User.CurrentUser.OwnedRooms;

But it fails because CurrentUser is null. It's behaving as if the Building data service has a separate session that has no session variables set at all. When I stop execution in the building data service and examine the contents of HttpContext.Current.Session, it has nothing. While the user data service, whenever I call it, continues to show the one session variable that was set in it. This, even though both services are in the same application/project.

What am I missing?

  • "if you can help me figure it out" means that whether you solve it, or give me ideas that help me solve it, I am happy to reward the bounty. –  Mar 27 '17 at 19:08
  • Is it *1) The front end web application* or *2) The user's browser* that is calling the service(s)? – user1429080 Mar 29 '17 at 09:56

2 Answers2

2

Have you seen this post?

Sharing sessions across applications using the ASP.NET Session State Service

You can share session state across applications at the database level.

There is also a good article here that outlines how to use MySQL as a Session State Provider

Community
  • 1
  • 1
grizzthedj
  • 7,131
  • 16
  • 42
  • 62
  • 1
    Also there are many ASP.NET Session State Providers, so you aren't stuck with MSSQL if that's not what you want. – Ryan Mendoza Mar 27 '17 at 19:52
  • I had seen that post. Per project requirements, I am using MySql for my database. I am not sure how to implement a SQL session provider. I will look into it - any pointers would be greatly appreciated. –  Mar 27 '17 at 21:31
  • I have update my answer to include a reference for how to use MySQL as a Session State Provider – grizzthedj Mar 28 '17 at 14:46
  • I am a big fan of sticking to the tools within a framework (less chance of unpredictable behavior), which is why I am less than happy with having to use MySQL for anything. In the end, I have gone with just passing the user information to the service methods that need them. It adds an extra parameter to every service call, but I feel more confident about the result than trying to use a non-ASP.NET session state provider. Still, I really appreciate your effort, and I doubt there is a better answer out there, so you get the bounty. –  Mar 29 '17 at 14:09
1

ASP.NET supports customizable Session State Providers and provides 3 standard ones:

  • InProcSessionStateStore, which stores session state in memory in the ASP.NET worker process
  • OutOfProcSessionStateStore, which stores session state in memory in an external state server process
  • SqlSessionStateStore, which stores session state in Microsoft SQL Server and Microsoft SQL Server Express databases

Although you can roll out your own custom one this might be non trivial. The only one of those 3 that is guaranteed to work correctly with several concurrent users (applications or servers) is the SqlSessionStateStore. Luckily it supports Microsoft SQL Server Express Edition which is free with some limitations but those should be not relevant for storing only session of a small Web app.

Still the storage originally is intended to be used with different servers in Web-farms rather than to share session between different apps and thus requires additional cheat to make it support session sharing between apps. The cheat is described at toddca MSDN blog and essentially involves changing TempGetAppID stored procedure to always return the same appId for different application names and thus enabling the sharing.

You also might be interested in a MSDN suggestion on how to Share Authentication Tickets Across Applications

SergGr
  • 23,570
  • 2
  • 30
  • 51
  • Thanks for this. I will need to look some more into the sharing of authentication tickets. Your answer, especially that last link, helped me better understand some of what is going on in the background, and I wish I could award the bounty in pieces so I could have given some of it to your answer. Thanks again for trying to help me out with this. –  Mar 29 '17 at 14:16