views:

34

answers:

1

Ok, here's my problem, i want to maintain session data between two applications or domains (eg:- www.abc.com and secure.abc.com).

I have read on net about this, but many people pointing many different ways to do it, with people commenting +ve and -ve responses to all. Plus many are just providing theoretical answer, do this and that ,but no code at all.

are these steps all that is required? 1) in web.config: <httpCookies domain=".abc.com"/>

2) store session data in sql DB as:(after preparing the db for storing sessions)

<sessionState mode="SQLServer" sqlConnectionString="Data Source=YourServer;
Integrated Security=True;database=MySessionDB" sqlCommandTimeout="30" 
allowCustomSqlDatabase="true"/>
<machineKey decryption="AES" validation="SHA1" decryptionKey="..." validationKey="..." />

3)Am confused about this one: i want to set the domain for the session cookie like this Response.Cookies["ASP.NET_SessionId"].Domain = ".abc.com"; But where should this code be written? this entry: http://mgrzyb.blogspot.com/2007/12/aspnet-and-subdomains.html says: use System.Web.SessionState.SessionIDManager as a base class but the SaveSessionID method is not virtual so cannot be overridden. Options are: either explicitly re-implement the interface method or decorate SessionIDManager class and after calling SessionIDManager.SaveSessionID set Response.Cookies[SessionIdCookieName].Domain to our domain.

Only if the author had provided real code, step 3 would have been clear.

Can anyone provide the code for it.

Plus all this 3 steps enough to share session among the domains?

A: 

the 3rd step statement can be written in global.asax according to: http://www.know24.net/blog/ASPNET+Session+State+Cookies+And+Subdomains.aspx

protected  void Application_PreRequestHandlerExecute(Object sender, EventArgs e)

{

  /// only apply session cookie persistence to requests requiring session information



  #region session cookie

  if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState )

  {

    /// Ensure ASP.NET Session Cookies are accessible throughout the subdomains.



    if (Request.Cookies["ASP.NET_SessionId"] != null && Session != null && Session.SessionID != null)

    {

      Response.Cookies["ASP.NET_SessionId"].Value = Session.SessionID;

      Response.Cookies["ASP.NET_SessionId"].Domain = ".abc.com"; // the full stop prefix denotes all sub domains

      Response.Cookies["ASP.NET_SessionId"].Path = "/"; //default session cookie path root         

    }

  }

  #endregion    

}
nash