views:

741

answers:

2

Hi

I'm working on a site that has a requirement to share session between a cms application and an online store application on the same domain eg.

mydomain.com

and

store.mydomain.com

I've made some progress with it and it works on my local build between

localhost/cms

and

localhost/store

Basically I have done what is suggested in this article

http://blogs.msdn.com/toddca/archive/2007/01/25/sharing-asp-net-session-state-across-applications.aspx

and hacked the TempGetAppID Stored Procedure to return the same application id (1). This appears to work as it creates sessions with ids like 'abv5d2urx1asscfwuzw3wp4500000001', which is what I'd expect.

My issue is that when I deploy it to our testing environment, it creates a new session when I navigate between the 2 sites. So when I start a session on the cms site, if I navigate to the store, it creates a new session. These are set up as 2 different websites in IIS7.

In the web.config files for both sites, the and elements are both the same and are as follows (minus sensitive information)

Has anyone got an ideas why this might not be working? I am sharing Forms Authentication across the 2 sites and that works fine. Any help or ideas would be greatly appreciated!

Many thanks

Dave

+3  A: 

Persist all session data on the SQL-server, using the session-ID as key. Then use a cookie containing the session-ID that points to .mydomain.com so it will be available on both sub-domains.

This article at 15 seconds covers the subject and even shows a technique to share sessions across completely different domains.

Vinz
That's how to share Cookies across domains, not Sessions. Even if you somehow set the cookies to be under the same domain the applications are different. Here's a page that tackles this head on: http://www.velocityreviews.com/forums/t108519-session-cookie-not-accessible-across-sub-domains.html
Nissan Fan
Thanks, but that's specific to classic asp. I'm sure there's some way of achieving this within asp.net without having to get the session from a cookie. However if I'm wrong I'll certainly try implementing something like this on my asp.net project.
Dave
Thanks nissan fan I'll take a look at that.
Dave
Yes, the article is not about sessions in particular, sorry... Using the session-id stored in a cookie you can access session-data that is persisted on the SQL-Server from both applications.A session is nothing more than data stored on the server that is linked to a client identified using a session-cookie.Handling the cookies is done about the same way with .Net as with classic ASP, except you don't have to write clumsy VBScript :)Maybe there is a more elegant solution for this, if you find one please let us know.
Vinz
+2  A: 

It appears the issue we were having was that the session cookie domain was being being set differently on the 2 applications. This meant that each application generated it's own sessionId.

We added <httpCookies domain=".ourdomain.co.uk" /> to our web.config and that seems to have solved it. Thanks for hte help, hope this helps someone else in the future.

Dave