6

Just had a question about session management within ASP .NET. I have looked at the 3 options within IIS (InProc, StateServer and SQL Server) and am having issues deploying session persistence across multiple servers and across multiple web applications. Is there any other options that are available to manage sessions cross sub-domains (from the same parent) as well as over multiple web applications under each domain?

I'll give you an example: Imagine a site www.thisismysite.com.au. When I log in, I go to login.thisismysite.com.au. though browsing the site, I go to www.thisismysite.com.au/MyWebApp/. What I am trying to achieve is for the session to persist across all three links. I am aware of one third party tool that can do this, Groat SessionFarm, but am wondering if there are any others out there? Also, there is a mix of SSL / non SSL if that makes any difference.

Note: I am not worried about identity, I could implement Windows Identity Foundation (or the like) and send claims round all three places. I am after session persistence.

Thanks heaps, Lee

EDIT: I ended up going with a third party piece of code that we could customize for our purposes. Works perfectly, and in buying the source code we can update it as we need to.

lkoutzas
  • 61
  • 1
  • 4

5 Answers5

1

State Server or storage in SQL Server should work fine for what you are trying to do -- even across multiple apps, but you must remember that all applications must have the same MachineKey.

ASPNET-load-balancing-and-ASPNET-state-server

HTH

Hasan Fathi
  • 5,610
  • 4
  • 42
  • 60
A Rogers
  • 11
  • 1
0

Sounds like what you might want is distributed caching?

This post may give you some options to look at - Distributed Cache/Session Solution for ASP.NET Web App

I'm a bit new to the area, but am working on using Microsoft Azure's AppFabric Caching for session state in my current MVC/ASP.NET project since Azure web apps don't provide good options for session state inherently.

I believe the links in the post mentioned above do similar to Azure's AppFabric caching and can handle session state as well. I haven't worked with any of them, though, so can't vouch for reliability. Just getting started on this aspect in my own app this weekend as well.

Greg

Community
  • 1
  • 1
Gregory Thomson
  • 11
  • 1
  • I looked at Azure's AppFabric and from what I can tell it works like a bigger version of a StateServer, which means that I cant share sessions over different web applications (either sub domain or sub application). It will work for the same site / application over multiple servers though. – lkoutzas Aug 08 '11 at 02:23
0

One option is to manage session state through SQL Server, or you can look into something like NCache to manage state across multiple servers.

James Johnson
  • 45,496
  • 8
  • 73
  • 110
0

State server or SQL server should work. At least for http. Https request maybe need to end on the same IP... Not sure about that.

you could also use a hardware load balancer/switch that maintains sessions. They send the initial request from an user to a server, and next requests from that user are sent always to the same server. (or they try to)

That's for sharing sessions for only one web app, but for sharing the sessions between apps what I do at my job is use classic asp sessions (for legacy support, but asp.net is valid too), when the user logs in, they are created on asp, and them read from a file called sessions.asp (the name doesn't matter) that file returns the values when called from .net doing a web request.

For example: sessions.asp?session_name=username gets called from any local .net app and responds "John" so, "John" is inside session["session_name"] and sessions.asp (or aspx, php or whatever you want) just writes text to the response.

I'm not sure if it is explained clearly... It's a dirty and easy way to do it. At my company we use it for about 300 concurrent users having tons of sessions each one, and seems to work pretty nicely. Hope it helps. ;-)

H27studio
  • 467
  • 1
  • 4
  • 12
-1

One of the straight forward way to handle multiple webapplications using cache instead of session.

In that case cache Key will be combination of userid and user location IP. Since cache never be expired by default so you must aware with cache duration 

int timeout=20;
string key= userid+System.Web.HttpContext.CurrentRequest.ServerVariables("REMOTE_ADDR");

//Set 
Cache.Insert(key, value, null,  DateTime.Now.AddMinutes(timeout), Cache.NoSlidingExpiration);    

//Get
var value=Cache[key];

During logout do not forgot to remove cache

Cache.Remove(key);
Shahdat
  • 5,343
  • 4
  • 37
  • 37