Synchronizing ASP.NET Sessions Across Multiple Sites

Question

Is there an elegant solution for synchronizing sessions across multiple ASP.NET applications? I'm sure this could easily be considered a security hole, but there is a 3rd party ASP.NET application involved, for which there is no ability to extend. For this reason, a second [related] site is being developed, but will require direct access to the sessions created on the 3rd party application.

As an example, when a user logs in/out of one site, the same operation should occur on the other site. However, it's important to note that this goes beyond a typical SSO.

Answer 1

Cookies are an option assuming the application is storing some key data in its cookies. If the other site is in the same domain, it can read them.

Answer 2

Try memcached session state provider: http://www.codeplex.com/memcachedproviders Since the cache runs in a seperate service, I am pretty sure you can access the same storage pool from different apps.

Answer 3

Using SQL Server to store is one of your most easy solutions.make sure you have proper permissions set on the SQL objects. I am not familiar with what Manu has suggested. There is actually one more way of doing it which is a little difficult. Its done by implementing a modification of the memento like pattern. App1 stores session info in the database but instead the other application App2 getting access to the DB, the session info is exposed via a service which App2 can reference. Once the user moves on to app2 and is authenticated, its session is restored using the service.

Hope that helps. It worked for me in one of my projects.

Answer 4

Use NCache - http://www.alachisoft.com/ncache/

It'll help you to acheive what you are looking for.

It has built in distributed ASP.NET session state cache as well, and will help you to share sessions across multiple sites. Details Here