Can you share the session variables between two .net 2.0+ applications?

I was told this works, but…

I guess I’m just not getting this, it seems there’s a hidden step I may be missing, can anyone correct this or point out my mistake? Thanks.

I have a blank solution:
– inside is two .net 2.0 web applications
1) webapp1
2) webapp2

I want them to share the same session data.

My page setups:

Application 1:

Session("value") = "this is the value"

Application 2:
If Not (Session("value") Is Nothing) Then
    value = Session("value").ToString()
End If

My thought process:

1) go to services, turn on the asp.net state service
2) open the web configs in both projects: set the

< machineKey 
validationKey="BFE2909A81903BB303D738555FEBC0C63EB39636F6FEFBF8005936CBF5FEB88CE327BDBD56AD70749F502FF9D5DECF575C13FA2D17CA8870ED21AD935635D4CC" 
decryptionKey="2A86BF77049EBA3A2FA786325592D640D5ACD17AF8FFAC04" validation="SHA1" />
< sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" 
cookieless="false" timeout="20"/>

in both sites.
3) compile and test the site
4) become disappointed because it does not work. I never see the session from the second webapp.

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You cannot share sessions between different ASP.NET applications without some custom code. What you did in web.config was to use an out of process sessions, which means that data will no longer reside into memory but into the memory of a dedicated machine. This is useful for server farms and it uses the ApplicationName to know which application the session belongs to. So basically your applications need to have the same name if you want them to share sessions. There are some dirty workarounds though.

Method 2

Why do you want to share Sessions between applications? ASP.NET Session is not designed to do that.

Your proposed solution of using the same ASP.NET State Server does not work because your user will simply get 2 different session tokens, even if they use your 2 applications concurrently from the same machine, and same browser. You need to consider how Session works to understand why this is.

From MSDN:

ASP.NET session state enables you to store and retrieve values for a
user as the user navigates ASP.NET pages in a Web application. HTTP is
a stateless protocol. This means that a Web server treats each HTTP
request for a page as an independent request. The server retains no
knowledge of variable values that were used during previous requests.
ASP.NET session state identifies requests from the same browser during
a limited time window as a session, and provides a way to persist
variable values for the duration of that session.

ASP.NET Session is a metaphor for a user’s current interaction with one ASP.NET application. It exists in ASP.NET to give us a place to store temporary state data between the various page requests that a user makes while using your application.

If your applications are very closely related, e.g. the user uses both at the same time, or almost the same time, you could consider merging them into a single ASP.NET application. You could deploy them into different Virtual Directories to maintain some degree of logical separation, but use only one Application in IIS.

If your applications are not that closely related, perhaps they should be sharing the same database as a means to exchange data, or using an API e.g. based on Web Services to exchange information.

Method 3

They will share session data if they are in the same app pool and the session mode is set to inproc. The way that stateserver and sqlstate work is they use the root of your web address as logical boundaries.

Eg if they are both hosted on the same address and port (or ‘site’ in iis) but in different sibfolders then they should share session I think.

Method 4

Additionally both apps must run on the same domain so that user browser use one cookie to store session id.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x