Sharing Sessions Across Applications Using the ASP.NET Session State Service

Sharing sessions across applications using the ASP.NET Session State Service

I did it this way:

Basically the idea is both apps use native .net sessionState stored in sqlserver. By using the same machine key and making a small tweak to a stored procedure – both apps can share any session keys and/or forms authenication.

Both apps would do something like this in their web.config:

<sessionState mode="SQLServer" sqlConnectionString="Data Source=.\SQLEXPRESS;User Id=test;Password=test;Application Name=AppName"  />
    <machineKey
validationKey="SOMEKEY"
validation="SHA1" decryption="AES"
/>

Session state db would need to be set up on a database server, that both apps can see.

Docs for doing this:
http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx

Command that would need to be run:
C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin>aspnet_regsql.exe -E -ssadd --sstype p -S .\SQLEXPRESS

Stored procedure (TempGetAppID) tweak to:

 @appId int OUTPUT
AS

    -- start change

    -- Use the application name specified in the connection for the appname if specified
    -- This allows us to share session between sites just by making sure they have the
    -- the same application name in the connection string.
    DECLARE @connStrAppName nvarchar(50)
    SET @connStrAppName = APP_NAME()

    -- .NET SQLClient Data Provider is the default application name for .NET apps
    IF (@connStrAppName <> '.NET SQLClient Data Provider')
        SET @appName = @connStrAppName

    -- end change

SET @appName = LOWER(@appName)

Share Session between two web sites using asp.net and state server

You'll need a way to convince your browser to send the same ASP.NET session cookie regardless of which site it visits.

If the cookie isn't present on the request, then a new session will get created with that key.

I think you can get the browser to retain the key with some sneaky DNS configs - if you assign http://website1.mydomain.com/ and http://website2.domain.com/ to be the addresses of your sites, then set the domain of the ASP.NET session cookie to "domain.com", then your browser will send it to both sites and the session should be shared.

You may also be able to use cookieless mode with ASP.NET, and grab the session ID from the generated URLs.

Sharing session state between 2 ASP.NET applications using SQL Server

It appears the issue we were having was that the session cookie domain was being being set differently on the 2 applications. This meant that each application generated it's own sessionId.

We added
<httpCookies domain=".ourdomain.co.uk" />
to our web.config and that seems to have solved it. Thanks for hte help, hope this helps someone else in the future.

Access ASP.NET Session in SQL Server mode across multiple applications

I found the issue.

The problem was that I was (stupidly) trying to share the session between two applications with different host names. In such way, the SessionID was correctly stored in SQL Server but, while one of the applications was able to generate and store the SessionID in the cookie, the other application could not read such cookie because of the different domain.

Sharing ASP.NET session info between applications in a single application pool and worker process

I resolved the issues we were experiencing by making our applications "cookieless".
I updated the web.config file for the applications as follows:

<!--sessionState mode="InProc" cookieless="false" timeout="30" /-->
<sessionState mode="InProc" cookieless="true" timeout="30" />

If anyone can explain why this works, I would appreciate the education.

Thank you to all who offered suggestions.

---

Related Topics