views:

3011

answers:

6

I have an application where, in the course of using the application, a user might click from

virginia.usa.com

to

newyork.usa.com

Since I'd rather not create a new session each time a user crosses from one subdomain to another, what's a good way to share session info across multiple subdomains?

A: 

If you're using PHP, one hack would be to make a little include script (or two) to do the following:

1 Serialize your $_SESSION array 2 Pass that string as a hidden input, making all your links to those buttons in separate forms using POST. 3 Also include a boolean hidden input to let your script know whether it needs to use the current session or unserialize $_POST['session'] 4 Deploy this across your site, calling things where appropriate

I wouldn't do this if there's actually a sanctioned way to transfer a session. I hope you've at least considered using cookies.

Robert Elwell
A: 

The easiest way is to use GET and the URL (or POST and a javascript simulated form) on all links going across the subdomain.

So your site virginia.usa.com might have the following link: http://newyork.usa.com/webpage.asp?SESSIONID=2ba99df2934

Adam Davis
A: 

I don't think that different subdomains in and of themselves forces different sessions. Both URLs you gave as examples could point to the same application in IIS.

It sounds though like you have different servers or at least different sites in IIS for each subdomain. The best way to store persistent state like this is in a central database. I find the Profile service in ASP.NET to be very useful for this purpose.

Hope that helps.

Todd Price
The problem is with the session cookie in the browser, which is domain-bound
Tor Haugen
+3  A: 

Track your own sessions and use a cookie with an appropriate domain setting, ie. .usa.com.

Alternatively, if you're using PHP, I believe there's a setting to change the default domain setting of the session cookie it uses, that may be useful too.

The settings you're looking for are:

session.use_cookies = 1
session.use_only_cookies = 1
session.cookie_domain = .usa.com
Matthew Scharley
A: 

Hi,

We have tried the same approach suggested by you in one of our application. But the problem is that it is working fine locally at my computer but not on our production server. Is there some other setting I am missing? Could you please suggest some solution?

It is bit urgent. Can you please give me a quick suggestion?

Thanks in advance.

Anil

anil
Better ask this as a new question, not here in an old thread. More people would see it and try to help you. The "Ask Question" button is in the top right of the page...
sth
+5  A: 

You tagged this with ASP.NET and IIS, so I will assume that is your environment. Make sure you have this in your web.config:

<httpCookies domain=".usa.com"/>

If your 2 subdomains map to the same application, then you are done. However, if they are different applications you will need to do some additional work, like using a SQL Server based Session storage (and hacking the stored procedures to make sure all applications share the same session data) or with an HttpModule to intercept the application name, since even with shared cookies and the same machine key, 2 applications will still use 2 different stores for their session data.

Matt Connolly