views:

314

answers:

2

I have an asp.net application and webservices (asmx) that reside in the same application but not in the same folder of the aspx files. I aslo have a winform application that uses the webservices. I have marked the webservice methods with [WebMethod(EnableSession = true)] but I am not able to share the same session values that are on the application in the webservices. The winform application has access to the sessionID from the application and I am using the following code

Uri uri = new Uri(ServerServiceUrl);
_cookieContainer = new CookieContainer();
_cookieContainer.Add(new Cookie("ASP.NET_SessionId", SessionID, "/", uri.Host));

My question is: Is there something that I am missing or doing wrong that I cannot access the application sessioin from the webservices?

A: 

Have you tried inheriting your webservice class from System.Web.SessionState.IRequiresSessionState ?

It's normally used for http handlers, but webservices seem to use the same marker interface.

Radu094
I have not tried that, but as I understand it, by adding [WebMethod(EnableSession = true)] on each method makes them session enabled. I do have a session variables available, is just that it is a new session and not the session has already been created on the application.
Alex Mendez
Just realized. Are you accessing the webservice from the same machine? in that case are you sure you should be using "uri.Host" and not the loopback interface when setting up your cookie?
Radu094
+1  A: 

I cannot shed any light as to why you are not able to have the winforms app "hijack" the session - what you are doing looks like it should do exactly what you want.

I wanted only to suggest that you use the application cache (to cache the response from you java service) instead of the user's session store. This has the following advantages: -

  • a) If the cached information is applicable to more than an individual user (e.g. access controlled), then the same cached information can be used for several users and not fetched for each session.
  • b) You have more control over how long things are cached for / when they are scavenged than you get with session data (which just lives for the lifetime of your session and has the danger of growing and growing if you forget to delete old information)
  • c) If you do not manage to get your session hijacking working, you can still access data in the cache from any session.
Chris F