What options are there for sharing data across subdomains?

Question

I have www.example.com and also store.example.com. (Yes they are subdomains of the same parent domain)

store.example.com is on ASP.NET 1.1

www.example.com is on ASP.NET 3.5

I want to know what options are available for sharing 'session' data between the two sites. I need some kind of shared login and also the abiltity to track user activity no matter which site they started on.

• Obvously I could send a GUID when transitioning from one site to the other.

• I also believe I can set a cookie which can be shared across subdomains. I've never tried this but it is most likely what I will do. I'm not yet clear if this is a true 'session' cookie or if I just set a low expiration date?

Are these my best options or is there somethin else?

Answer 1

Here is how you would do it in PHP:

http://php.dtbaker.com.au/post/keeping_cookies_across_multiple_sub_domains.html

Answer 2

The important thing to do is to set the cookie domain properly.

It the domain is set to .example.com (note the leading period) then it should be included in requests to example.com and also all of the subdomains.

I assume you have a way of sharing the data between your different subdomains.

Answer 3

If you want to share sessions between different apps there are a few things you need to do.

First you'll need to run the session state in SQL mode. At this point I found out that the SQL session state takes the machine key and your _appDomainAppId to generate a key for your app to access it's own session data. So we need to keep these the same between all your apps.

In the web configs of your apps you'll need to use the same machine key. This can be any where inside the system.web tags E.G:

    <machineKey decryptionKey="EDCDA6DF458176504BBCC720A4E29348E252E652591179E2" validationKey="CC482ED6B5D3569819B3C8F07AC3FA855B2FED7F0130F55D8405597C796457A2F5162D35C69B61F257DB5EFE6BC4F6CEBDD23A4118C4519F55185CB5EB3DFE61"/>

Add an appSetting "ApplicationName" and give it name (this has to be the same for both apps) You'll then need to create a shared session module which will change the _appDomainAppId. The one below is what I use.

    namespace YourApp
{
  using System.Configuration;
  using System.Reflection;
  using System.Web;

  /// <summary>class used for sharing the session between app domains</summary>
  public class SharedSessionModule : IHttpModule
  {
    #region IHttpModule Members
    /// <summary>
    /// Initializes a module and prepares it to handle requests.
    /// </summary>
    /// <param name="context">An <see cref="T:System.Web.HttpApplication"/>
    /// that provides access to the methods,
    /// properties, and events common to all application objects within an ASP.NET
    /// application</param>
    /// <created date="5/31/2008" by="Peter Femiani"/>
    public void Init(HttpApplication context)
    {
      // Get the app name from config file...
      string appName = ConfigurationManager.AppSettings["ApplicationName"];
      if (!string.IsNullOrEmpty(appName))
      {
        FieldInfo runtimeInfo = typeof(HttpRuntime).GetField("_theRuntime", BindingFlags.Static | BindingFlags.NonPublic);
        HttpRuntime theRuntime = (HttpRuntime)runtimeInfo.GetValue(null);
        FieldInfo appNameInfo = typeof(HttpRuntime).GetField("_appDomainAppId", BindingFlags.Instance | BindingFlags.NonPublic);
        appNameInfo.SetValue(theRuntime, appName);
      }
    }

    /// <summary>
    /// Disposes of the resources (other than memory) used by the module that
    /// implements <see cref="T:System.Web.IHttpModule"/>.
    /// </summary>
    /// <created date="5/31/2008" by="Peter Femiani"/>
    public void Dispose()
    {
    }
    #endregion
  }
}

In the web config you'll need to add this module:

      <add name="SharedSessionModule" type="YourApp.SharedSessionModule, YourApp, Version=1.0.0.0, Culture=neutral" />

Final thing to do is to allow the session cookie to pass between domains...like so

  var session = HttpContext.Current.Session;
  var request = HttpContext.Current.Request;
  var cookie = request.Cookies["ASP.NET_SessionId"];
  if (cookie != null && session != null && session.SessionID != null)
  {
    cookie.Value = session.SessionID;
    cookie.Domain = "yourappdomain.com";

    // the full stop prefix denotes all sub domains
    cookie.Path = "/"; // default session cookie path root
  }

And that should do the trick.