If you want to share sessions between different apps there are a few things you need to do.
First you'll need to run the session state in SQL mode.
At this point I found out that the SQL session state takes the machine key and your _appDomainAppId to generate a key for your app to access it's own session data. So we need to keep these the same between all your apps.
In the web configs of your apps you'll need to use the same machine key. This can be any where inside the system.web tags E.G:
<machineKey decryptionKey="EDCDA6DF458176504BBCC720A4E29348E252E652591179E2" validationKey="CC482ED6B5D3569819B3C8F07AC3FA855B2FED7F0130F55D8405597C796457A2F5162D35C69B61F257DB5EFE6BC4F6CEBDD23A4118C4519F55185CB5EB3DFE61"/>
Add an appSetting "ApplicationName" and give it name (this has to be the same for both apps)
You'll then need to create a shared session module which will change the _appDomainAppId. The one below is what I use.
namespace YourApp
{
using System.Configuration;
using System.Reflection;
using System.Web;
/// <summary>class used for sharing the session between app domains</summary>
public class SharedSessionModule : IHttpModule
{
#region IHttpModule Members
/// <summary>
/// Initializes a module and prepares it to handle requests.
/// </summary>
/// <param name="context">An <see cref="T:System.Web.HttpApplication"/>
/// that provides access to the methods,
/// properties, and events common to all application objects within an ASP.NET
/// application</param>
/// <created date="5/31/2008" by="Peter Femiani"/>
public void Init(HttpApplication context)
{
// Get the app name from config file...
string appName = ConfigurationManager.AppSettings["ApplicationName"];
if (!string.IsNullOrEmpty(appName))
{
FieldInfo runtimeInfo = typeof(HttpRuntime).GetField("_theRuntime", BindingFlags.Static | BindingFlags.NonPublic);
HttpRuntime theRuntime = (HttpRuntime)runtimeInfo.GetValue(null);
FieldInfo appNameInfo = typeof(HttpRuntime).GetField("_appDomainAppId", BindingFlags.Instance | BindingFlags.NonPublic);
appNameInfo.SetValue(theRuntime, appName);
}
}
/// <summary>
/// Disposes of the resources (other than memory) used by the module that
/// implements <see cref="T:System.Web.IHttpModule"/>.
/// </summary>
/// <created date="5/31/2008" by="Peter Femiani"/>
public void Dispose()
{
}
#endregion
}
}
In the web config you'll need to add this module:
<add name="SharedSessionModule" type="YourApp.SharedSessionModule, YourApp, Version=1.0.0.0, Culture=neutral" />
Final thing to do is to allow the session cookie to pass between domains...like so
var session = HttpContext.Current.Session;
var request = HttpContext.Current.Request;
var cookie = request.Cookies["ASP.NET_SessionId"];
if (cookie != null && session != null && session.SessionID != null)
{
cookie.Value = session.SessionID;
cookie.Domain = "yourappdomain.com";
// the full stop prefix denotes all sub domains
cookie.Path = "/"; // default session cookie path root
}
And that should do the trick.