473,326 Members | 2,196 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Sharing session data on different sites on the same domain

I have a web farm that uses a state server for session management.

A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the same
state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.com for example).

If there was a way to add a domain='.mysite.com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström
May 5 '06 #1
7 4375

One way to do it:
The first server authenticates the user and passes a token to the
browser e.g. a guid in a hidden form field.
The first server passes this token to the second server (e.g. through a
shared database).
The second server receives the token from the browser and checks to see
if it exists in the database, associates that with the user and
authenticates the user (setting it's own session cookie) and removes
the guid from the database.

Google for "single sign-on" (and msdn/security has lots of info - some
of their web security webcasts describe this method).

Chris.
http://blog.cecatech.co.uk/chrisb

May 5 '06 #2
One way which we have acheived the above (in our case 2 web applications
inside same url) is by making some minor changes to the SQL procedures in
ASP session state database.

This may not be an acceptable solution if you are co hosting other websites
which are using session state in database....

Raj

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the
same state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.com for example).

If there was a way to add a domain='.mysite.com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström


May 5 '06 #3
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver

http://www.eggheadcafe.com/articles/scaleout_server.asp

--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be logged in.
Right now it he is not logged in on www2.mysite.com (both sites use the
same state server).
The reason for this seems to be that the user gets a new SessionId when he
visits a new web server (www2.mysite.com for example).

If there was a way to add a domain='.mysite.com' to the session-cookie the
user would use the SessionId from www1.mysite.com on www2.mysite.com and
share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?

/Nils Hedström

May 6 '06 #4
We are only hosting our own application.

The problem is that the client is given a new session id for every host.
That way there is no way the session data (including login information) can
be shared between hosts.
The only solution I see is adding a domain to the session-cooke (.mysite.com).
That way the client will use the same session id on all hosts in my domain.

/nisse

Hello Rajesh,
One way which we have acheived the above (in our case 2 web
applications inside same url) is by making some minor changes to the
SQL procedures in ASP session state database.

This may not be an acceptable solution if you are co hosting other
websites which are using session state in database....

Raj

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.com for example).
If there was a way to add a domain='.mysite.com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 7 '06 #5
We are evaluating scaleout stateserver right now but it does not solve this
problem.

If the session-cookie is specific to a webserver (www1.mysite.com) he will
get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.com for example).
If there was a way to add a domain='.mysite.com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 7 '06 #6
Read my article more closely. The sample demonstrates
how to use scaleout's capability for sharing session
across different domains and different servers.

--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
We are evaluating scaleout stateserver right now but it does not solve
this problem.

If the session-cookie is specific to a webserver (www1.mysite.com) he will
get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the
cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.com for example).
If there was a way to add a domain='.mysite.com' to the
session-cookie the user would use the SessionId from www1.mysite.com
on www2.mysite.com and share session information (be logged in)..

What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström


May 7 '06 #7
Your code does not use the session id when fetching the data.
It will never work in a production environment.

I would prefer if the solution is "seamless"=you access the session in the
same way as you normally would.

/nisse

Hello Robbe Morris [C# MVP],
Read my article more closely. The sample demonstrates how to use
scaleout's capability for sharing session across different domains and
different servers.

"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...
We are evaluating scaleout stateserver right now but it does not
solve this problem.

If the session-cookie is specific to a webserver (www1.mysite.com) he
will get a new session-cookie when he visits www2.mysite.com

The session-cookie must be domain-wide (by adding a domain- to the
cookie).

/nisse
Hello Robbe Morris [C# MVP],
If you can spend some money, a really nice performance
alternative that will definitely support this (I do just
what you are talking about across sites and across
a web farm) is scaleout stateserver
http://www.eggheadcafe.com/articles/scaleout_server.asp
"Nils Hedström" <Ni***@online.nospam> wrote in message
news:ab**************************@msnews.microsoft .com...

I have a web farm that uses a state server for session management.
A user logs on to a website (www1.mysite.com).
When the same user visits www2.mysite.com I want the user to be
logged in.
Right now it he is not logged in on www2.mysite.com (both sites use
the
same state server).
The reason for this seems to be that the user gets a new SessionId
when he
visits a new web server (www2.mysite.com for example).
If there was a way to add a domain='.mysite.com' to the
session-cookie the user would use the SessionId from
www1.mysite.com
on www2.mysite.com and share session information (be logged in)..
What is the best way to accomplish this?
Does the solution work with every browsers and firewalls?
/Nils Hedström

May 8 '06 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Darren Oakey | last post by:
G'day - is there anyway of sharing the Session data across two different ASP.Net projects? Basically, I'm jumping from a page in one to a page in another, and I'd like to have the data flit...
3
by: grooby | last post by:
I would like to develop an asp.net Web application using muliple web projects under one solution file and share the session information between web applications( or projects). Is this possible?
4
by: Anders K. Jacobsen [DK] | last post by:
Hi I have some common UserControls i want to share between to sites (on the same mashine but on diffrent virtual paths). right now i have on solution file with aprox 10 projects. 2 of these is...
2
by: Guy | last post by:
Is there a way to prevent new browsers windows from sharing session variables with the original window? Our team has an ASP.Net app that lets users analyze portfolio risk given certain portfolio...
5
by: Nils Hedström | last post by:
Sorry about my last post. There seems to be a bug in my newsreader-software. My company (companyA) has bought companyB. The website of companyA is www.companyA.com and comanyB's website is...
5
by: Oleg Ogurok | last post by:
Hi all, Is there a way to read other people's session variables? I understand it makes sense that session state is on per-user basis, but still... Is there a way to get a collection of all...
3
by: MS ASP.NET | last post by:
I'm using sql server session state and wrote a class to wrap current session. I need to know if what I am doing will result in users sharing session data. '----------------------------------...
1
by: irfangani | last post by:
Hi, I have two web applications one in VB.Net and other in C#. I am using Out-Process session state using SQL server. I create a session in VB.Net application. If I access the session in the...
15
by: Neo | last post by:
Hello All, I found that ASP.net website only accepts code withing site directory. This creates big hurdle in shairng code. How to share code between two websites, like the way share between two...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.