Need to change the session ID before the session is loaded

Question

I'm trying to use the built-in .NET session handling to share sessions across multiple ASP.NET applications. I can't use a custom session implementation.

• I have multiple web servers, each with its own hostname, configured to point to the same codebase
• I'm using a HttpModule that manually sets the application name, so as long as requests to different servers have the same session ID, they'll end up using the same session data

Now I need to be able to set the session ID before the session is loaded the first time - I can set it up to change the cookie and redirect on the first load, but I'd really prefer to do it without the redirect.

ETA: We're already using the MS Session State Server to handle session sharing between servers in a pool. This question is specifically about sharing sessions across applications - that is, the application at http://www.example.com and http://shopping.example.com need to be able to share the same session data.

Answer 1

Perhaps you should consider a different approach. Store whatever data you need to share in a database to which all of your ASP.NET apps have access.

Session should not be shared across different applications.

Answer 2

Microsoft says it moved to an out-of-process model for ASP.NET Sessions, allowing support for sharing of session state from a storage location and to share it in server farms.

Support for server farm configurations. By moving to an out-of-process model, ASP.NET also solves the server farm problem. The new out-of-process model allows all servers in the farm to share a session state process. You can implement this by changing the ASP.NET configuration to point to a common server.

Windows State Server Session Store

You can use the StateServer setting...

Sample web.config

<configuration>
  <system.web>
    <sessionState mode="StateServer"
      stateConnectionString="tcpip=SampleStateServer:42424"
      cookieless="false"
      timeout="20"/>
  </system.web>
</configuration>

StateServer mode, which stores session state in a separate process called the ASP.NET state service. This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm

SQL Server Session Store

If you have a backing SQL Server database, you can choose SQLServer mode

SQLServer mode stores session state in a SQL Server database. Using this mode ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.

Sample web.config

<configuration>
  <system.web>
    <sessionState mode="SQLServer"
      sqlConnectionString="Integrated Security=SSPI;data 
        source=SampleSqlServer;" />
  </system.web>
</configuration>

There are other options too. This MSDN article contains pointers about how to further set up such choices...