views:

149

answers:

2

I have two exactly the same web sites hosted in two different machines under IIS 7.5. ASP.NET state service is running on my machine and the web.config is updated in both sites with the following code:

<sessionState mode="StateServer" stateConnectionString="tcpip=192.168.1.77:42424" cookieless="false" timeout="120"/>

The allow remote connection is set to 1 in registry in order for the second web site to access the state server.

Both web sites have the same machine key:

<machineKey validationKey="7CB8DF6872FB6B35DECD3A8F55582350FEE1FAB9BE6B930216056C1B5BA69A4C5777B3125A42C4AECB4419D43EC12F168FD1BB887469798093C3CAA2427B2B89" decryptionKey="02FC52E4C71544868EE297826A613C53537DF8FDAF93FA2C64E9A5EF0BA467FB" validation="SHA1" decryption="AES" />

Additionally both sites are configured in IIS to have the same Identifier.

What I want to do is that both these sites share the same session data for example being able to do the following:

// At web site 1: 
Session["key"] = "value"

and

// At web site 2:
// Read session value from the other web site
string result = Session["key"]

The problem is that I can't manage to accomplish this test and really can't understand what I am doing wrong.

Any idea that might help?

+3  A: 

You'll need a way to convince your browser to send the same ASP.NET session cookie regardless of which site it visits.

If the cookie isn't present on the request, then a new session will get created with that key.

I think you can get the browser to retain the key with some sneaky DNS configs - if you assign http://website1.mydomain.com/ and http://website2.domain.com/ to be the addresses of your sites, then set the domain of the ASP.NET session cookie to "domain.com", then your browser will send it to both sites and the session should be shared.

You may also be able to use cookieless mode with ASP.NET, and grab the session ID from the generated URLs.

mwalker
So if in Firefox I change the ASP.NET_SessionId cookie to be exactly the same in both urls for example it might work. Right?
ppolyzos
Yes, I think so. You can also use Fiddler to override cookie values on the request.
mwalker