asp.net web farm configuration - (cookie domains?)

I'm planning an asp.net web farm.

I expect to use a SQL database for session state management, i.e.
<sessionState mode="SQLServer" cookieless="false" .../>

My application uses web forms authentication, with a secure cookie, i.e.
<authentication mode="Forms">
  <forms name="mycookie" loginUrl="https://secure.domain.com"
         requireSSL="true"/>
</authentication>

I expect different web applications on different web servers to be
associated with each other by virtue of using the same sessionState
settings.

As indicated above, I would like to ensure that the pages requiring
authentication are grouped together, and as it happens I am thinking that
all the https pages would be grouped on one machine, and only these pages
require authenticated access.
So if I have 3 web servers, 1 and 2 would contain duplicate http pages
allowing anonymous access, whilst 3 would contain https pages requiring
authenticated access. All sharing the same session state, and being part of
the same overall web application.

I would use <location> and <authorization> elements to achieve this at the file
level, or just an <authorization> element in web.config placed in specific
subdirectories.
My question concerns cookies.
Do the session and authentication cookies get shared between the different
servers in the web farm? I would expect to be able to specify the cookie
domain somewhere, but I can't see where.

Thanks to anyone who can fill in the gaps of this plan.
Martin
Nov 18 '05 #1
3 Replies


I guess if the machines in the web farm would have the same domain name (but
different IPs of course), then the cookie domain issue would go away, but I
had wanted the machine with the https pages to have a different name than
the other machines.

Nov 18 '05 #2

I guess I could write an HttpModule that modified the session and
authentication cookies, giving them the required cookie domain.

Would this work?

Nov 18 '05 #3

The session cookie is tied to domain/vdir. You cannot share (without
coding) session cookies from one application to another.

-- bruce (sqlwork.com)

Nov 18 '05 #4
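
Added example, not part of the original thread: one way to write the HttpModule asked about in #3, which sets the domain of the session and forms-authentication cookies as the response leaves the server. The parent domain `.domain.com`, the class name `CookieDomainModule` and its registration under `<httpModules>` in web.config are assumptions for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: scopes the session and forms-auth cookies to a parent
// domain so that sibling hosts in the farm receive them.
public class CookieDomainModule : IHttpModule
{
    // Assumption: every farm host is a subdomain of this parent domain.
    private const string ParentDomain = ".domain.com";
    // Default ASP.NET session cookie name.
    private const string SessionCookieName = "ASP.NET_SessionId";

    public void Init(HttpApplication app)
    {
        // By EndRequest, session state and forms authentication have
        // already added their cookies to the (buffered) response.
        app.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpResponse response = ((HttpApplication)sender).Response;

        // Enumerate AllKeys rather than probing Response.Cookies[name]:
        // the indexer creates an empty cookie when none exists, which
        // would replace the value the browser already holds.
        foreach (string key in response.Cookies.AllKeys)
        {
            bool isSession = string.Equals(key, SessionCookieName,
                StringComparison.OrdinalIgnoreCase);
            bool isAuth = string.Equals(key,
                FormsAuthentication.FormsCookieName,
                StringComparison.OrdinalIgnoreCase);
            if (!isSession && !isAuth) continue;

            HttpCookie cookie = response.Cookies[key];
            cookie.Domain = ParentDomain;
            cookie.HttpOnly = true;   // keep both cookies away from script
            // requireSSL="true" already marks the auth cookie Secure;
            // re-assert it so the ticket never reaches the HTTP hosts.
            if (isAuth) cookie.Secure = true;
        }
    }

    public void Dispose() { }
}
```

The session cookie cannot carry the Secure flag here because the HTTP hosts must receive it, so the session ID crosses the network in cleartext and should never by itself authorize anything on the HTTPS host. A cookie scoped to the parent domain is also sent to every other host under that domain.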
