By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,610 Members | 2,155 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,610 IT Pros & Developers. It's quick & easy.

Share session between subdomains?

P: n/a
Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain
of "www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?
Hans Kesting
May 5 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
You can keep parts of the session. To do this, set the machine keys, both
encrypt and decrypt, to the same values on each server (not the same values
as each other, but the keys must be the same on both). You also have to set
the exact same cookie name. This allows the two apps to access the same
session cookie. Session number and user name stay consistent.

This will keep the user in session and you will be able to have single sign
on.

Now the bad news. If you are one that sets up a lot of user information in
session, you will have to recreate that info with every subdomain the user
traverses.

One solution is to create the info every time you notice there is no user
info. THis means multiple apps holding the same info, however. The other is
to persist the information and grab on either a session or page
(cache/viewstate) basis. Either one causes dupe info in memory, unless you
grab the info each page hit (ouch).

You can also put the info in a user cookie, but that just switches the
persistence mechanism to the user's drive and causes you to pull from
cookies. It has some other down sides, like the ability to turn off cookies.

What you do depends largely on your state mechanism. Do you grab info as
needed or use session, etc.? That will determine how much info you end up
repeating.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Hans Kesting" <ne***********@spamgourmet.com> wrote in message
news:mn***********************@spamgourmet.com...
Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain of
"www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?
Hans Kesting

May 5 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.