473,692 Members | 2,253 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Sharing session data on different sites on the same domain

I have a web farm that uses a state server for session management.

A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the same
state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.co m for example).

If there was a way to add a domain='.mysite .com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström
May 5 '06 #1
7 4397

One way to do it:
The first server authenticates the user and passes a token to the
browser e.g. a guid in a hidden form field.
The first server passes this token to the second server (e.g. through a
shared database).
The second server receives the token from the browser and checks to see
if it exists in the database, associates that with the user and
authenticates the user (setting it's own session cookie) and removes
the guid from the database.

Google for "single sign-on" (and msdn/security has lots of info - some
of their web security webcasts describe this method).

Chris.
http://blog.cecatech.co.uk/chrisb

May 5 '06 #2
One way which we have acheived the above (in our case 2 web applications
inside same url) is by making some minor changes to the SQL procedures in
ASP session state database.

This may not be an acceptable solution if you are co hosting other websites
which are using session state in database....

Raj

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the
same state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.co m for example).

If there was a way to add a domain='.mysite .com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström


May 5 '06 #3
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver

http://www.eggheadcafe.com/articles/scaleout_server.asp

--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the
same state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.co m for example).

If there was a way to add a domain='.mysite .com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström

May 6 '06 #4
We are only hosting our own application.

The problem is that the client is given a new session id for every host.
That way there is no way the session data (including login information) can
be shared between hosts.
The only solution I see is adding a domain to the session-cooke (.mysite.com).
That way the client will use the same session id on all hosts in my domain.

/nisse

Hello Rajesh,
One way which we have acheived the above (in our case 2 web
applications inside same url) is by making some minor changes to the
SQL procedures in ASP session state database.

This may not be an acceptable solution if you are co hosting other
websites which are using session state in database....

Raj

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.co m for example).
If there was a way to add a domain='.mysite .com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 7 '06 #5
We are evaluating scaleout stateserver right now but it does not solve this
problem.

If the session-cookie is specific to a webserver (www1.mysite.co m) he will
get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.co m for example).
If there was a way to add a domain='.mysite .com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 7 '06 #6
Read my article more closely. The sample demonstrates
how to use scaleout's capability for sharing session
across different domains and different servers.

--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
We are evaluating scaleout stateserver right now but it does not solve
this problem.

If the session-cookie is specific to a webserver (www1.mysite.co m) he will
get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the
cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.co m for example).
If there was a way to add a domain='.mysite .com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström


May 7 '06 #7
Your code does not use the session id when fetching the data.
It will never work in a production environment.

I would prefer if the solution is "seamless"= you access the session in the
same way as you normally would.

/nisse

Hello Robbe Morris [C# MVP],
Read my article more closely. The sample demonstrates how to use
scaleout's capability for sharing session across different domains and
different servers.

"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...
We are evaluating scaleout stateserver right now but it does not
solve this problem.

If the session-cookie is specific to a webserver (www1.mysite.co m) he
will get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the
cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp
"Nils Hedström" <Ni***@online.n ospam> wrote in message
news:ab******** *************** ***@msnews.micr osoft.com...

I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.co m).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.co m for example).
If there was a way to add a domain='.mysite .com' to the
session-cookie the user would use the SessionId from
www1.mysite.com
on www2.mysite.com and share session information (be logged in)..
What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 8 '06 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1120
by: Darren Oakey | last post by:
G'day - is there anyway of sharing the Session data across two different ASP.Net projects? Basically, I'm jumping from a page in one to a page in another, and I'd like to have the data flit across the divide!
3
2006
by: grooby | last post by:
I would like to develop an asp.net Web application using muliple web projects under one solution file and share the session information between web applications( or projects). Is this possible?
4
1642
by: Anders K. Jacobsen [DK] | last post by:
Hi I have some common UserControls i want to share between to sites (on the same mashine but on diffrent virtual paths). right now i have on solution file with aprox 10 projects. 2 of these is webprojetcs wich need to shere some common userControls. Optimally i want a class libarary project wich contains the controls so i could import the DLL and use the controls. But that of course doesnt work.
2
2223
by: Guy | last post by:
Is there a way to prevent new browsers windows from sharing session variables with the original window? Our team has an ASP.Net app that lets users analyze portfolio risk given certain portfolio constructions. The set weights to certain asset types, hit calculate and see some results. Our problem is that users want to compare different situations side by side. So they either hit CTRL+N or Choose "File, New" launch a new browser window,...
5
4590
by: Nils Hedström | last post by:
Sorry about my last post. There seems to be a bug in my newsreader-software. My company (companyA) has bought companyB. The website of companyA is www.companyA.com and comanyB's website is www.comanyb.com Management want users logged in on www.companya.com to be automatically logged in on www.companyb.com (and vice versa). I was thinking of using the same stateserver from www.companya.com and www.companyb.com.
5
2443
by: Oleg Ogurok | last post by:
Hi all, Is there a way to read other people's session variables? I understand it makes sense that session state is on per-user basis, but still... Is there a way to get a collection of all current HttpSessionState objects on the server, or at least get a reference to a HttpSessionState objects by session ID ? Thanks.
3
1319
by: MS ASP.NET | last post by:
I'm using sql server session state and wrote a class to wrap current session. I need to know if what I am doing will result in users sharing session data. '---------------------------------- '------- Session Wrapper -------- '----------------------------------- Imports System.Web.SessionState Public Class EmployeeSession
1
1714
by: irfangani | last post by:
Hi, I have two web applications one in VB.Net and other in C#. I am using Out-Process session state using SQL server. I create a session in VB.Net application. If I access the session in the same application, I am able to do so, but if I access the same session in C# application, it gives a blank session. Can anyone tell me how to retrieve the session in other app domain. Thanks
15
5803
by: Neo | last post by:
Hello All, I found that ASP.net website only accepts code withing site directory. This creates big hurdle in shairng code. How to share code between two websites, like the way share between two non-website code? -Pravin
0
8604
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8538
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8961
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8800
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8801
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6459
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4324
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4557
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
1957
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.