9

How does one share session in ASP.NET Core 3 between 2 servers (load balanced)? And can session be shared between several web services/APIs and the main ASP.NET MVC app?

I am very new to .NET Core 3, I was used to working with session state in ASP.NET Framework MVC (where it was as simple as using the same machine key in the IIS configuration of the site) but I've learned that everything changed for .NET Core 3, in addition a lot of documentation is extremely outdated/obsolete as new versions have rolled out, .NET core 1 has nothing to do with later versions and 2 with 3, and also it requires many NuGet packages which may or may not work anymore.

Currently I have successfully implemented SQL session store with .NET Core 3 but the option of machine key no longer shows up in the IIS and I really don't know how to configure them in the appsettings.json file (if still used at all).

Our setup is 2 servers which must both share the session info, with an F5 load balancer, our old apps which use .NET Framework MVC are configured like this, and I need help with achieving the same result but with .NET Core 3.

I read through https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/web-farm?view=aspnetcore-3.1 but it doesn't really explain how to actually do anything

Also this https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1 helped configure the SQL session storage but not how to share between the 2 servers

As well as http://www.intstrings.com/ramivemula/articles/jumpstart-44-sql-server-based-session-state-in-asp-net-core-mvc-application/

SGP
  • 358
  • 2
  • 18
  • Does anyone have any info on this? – SGP Apr 02 '20 at 00:13
  • 1
    I am facing similar issue where I need to share session between 2 servers. I think the solution is to spin up a `redis` cache... at least that is what I think – kkdeveloper7 May 04 '20 at 16:58
  • In my case I can't use redis as we do not have permission to do so. we must use IIS – SGP Jun 24 '20 at 01:24
  • If the sessions are used just for authentication, then maybe move away from session itself and embrace the recommended way of doing authentication in mvc maybe? If not, may be the question might be how to do your use case in mvc the right way, for that you might have to update the question with those details though. Sessions are no more the preferred way of doing anything in mvc land and it will continue to get more and more difficult just like finding a serial port in a modern hardware where usb is the way. But I understand you might probably have genuine case for session, I'm just saying.. – Mat J Jun 02 '21 at 17:06
  • you have one domain for all severs or more than one? – Nima Talebi Jun 03 '21 at 08:02
  • 1
    https://devcentral.f5.com/s/question/0D51T00006i7jOE/how-to-configure-cookie-persistence-with-aspnet-session-cookie-without-irule Check this page and links. This could be of help – r2018 Jun 08 '21 at 14:44
  • Thy this [Share authentication cookies among ASP.NET apps](https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-3.1#share-authentication-cookies-between-aspnet-4x-and-aspnet-core-apps) – neohope Jun 09 '21 at 16:00

3 Answers3

1

Have you configured DataProtection? I haven't worked with this in a while, but from memory this was the essential piece for distributed session storage to work in .NET Core

Here's some additional reading about both sessions and DataProtection in .NET Core with bonus mentions for MachineKey - https://andrewlock.net/an-introduction-to-the-data-protection-system-in-asp-net-core/

Tim
  • 2,587
  • 13
  • 18
0

Your user's session authentication key is stored in a cookie within their web browser. No matter which server the user connects to, they will pass their cookie to that server and the server will authenticate their session via SQL using the authentication key.

Mark Entingh
  • 621
  • 6
  • 10
  • Hi, the issue is that exactly what you describe is not happening with my app and servers, the moment the switch occurs within the load balance the cookies are gone and users must login again. This issue was so real and specific, there used to be tutorials on how to configure farm server setups in previous versions of .net framework, there is just no info about how to achieve this in asp.net core 3 – SGP Dec 27 '20 at 23:25
  • First, check to see if the cookie is being saved. Then, make sure its being passed to the server from the web browser. Then, check to see if the load balancer is passing the cookie to your web server. Then check .NET request to see if the raw cookie data exists. If you've gotten this far, then there is an issue with .NET. If not, its an issue with something else. – Mark Entingh Dec 29 '20 at 00:27
0

I think this can help you:

Distribuited SQL Server Cache

I got it from here: https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1#distributed-sql-server-cache

tartarismo
  • 194
  • 1
  • 10
  • 1
    I think this may be it, but I have to test it. Sadly the company discarded the project using .net core for now – SGP Jun 23 '21 at 18:06