Share Session Between Two Web Sites Using ASP.NET and State Server

Share Session between two web sites using asp.net and state server

You'll need a way to convince your browser to send the same ASP.NET session cookie regardless of which site it visits.

If the cookie isn't present on the request, then a new session will get created with that key.

I think you can get the browser to retain the key with some sneaky DNS configs - if you assign http://website1.mydomain.com/ and http://website2.domain.com/ to be the addresses of your sites, then set the domain of the ASP.NET session cookie to "domain.com", then your browser will send it to both sites and the session should be shared.

You may also be able to use cookieless mode with ASP.NET, and grab the session ID from the generated URLs.

Sharing sessions across applications using the ASP.NET Session State Service

I did it this way:

Basically the idea is both apps use native .net sessionState stored in sqlserver. By using the same machine key and making a small tweak to a stored procedure – both apps can share any session keys and/or forms authenication.

Both apps would do something like this in their web.config:

<sessionState mode="SQLServer" sqlConnectionString="Data Source=.\SQLEXPRESS;User Id=test;Password=test;Application Name=AppName"  />
    <machineKey
validationKey="SOMEKEY"
validation="SHA1" decryption="AES"
/>

Session state db would need to be set up on a database server, that both apps can see.

Docs for doing this:
http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

Command that would need to be run:
C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin>aspnet_regsql.exe -E -ssadd --sstype p -S .\SQLEXPRESS

Stored procedure (TempGetAppID) tweak to:

 @appId int OUTPUT
AS

    -- start change

    -- Use the application name specified in the connection for the appname if specified
    -- This allows us to share session between sites just by making sure they have the
    -- the same application name in the connection string.
    DECLARE @connStrAppName nvarchar(50)
    SET @connStrAppName = APP_NAME()

    -- .NET SQLClient Data Provider is the default application name for .NET apps
    IF (@connStrAppName <> '.NET SQLClient Data Provider')
        SET @appName = @connStrAppName

    -- end change

SET @appName = LOWER(@appName)

Sharing session state between 2 ASP.NET applications using SQL Server

It appears the issue we were having was that the session cookie domain was being being set differently on the 2 applications. This meant that each application generated it's own sessionId.

We added
<httpCookies domain=".ourdomain.co.uk" />
to our web.config and that seems to have solved it. Thanks for hte help, hope this helps someone else in the future.

---

Related Topics