How to maintain the same session id across multiple web applications in ASP.NET

Question

I have two identical applications setup on IIS on different virtual directories (I have done some workaround to ensure that they both have the same application name). Is the

Answer 1

Is your goal to share the session state between 2 applications, not just the session ID? I believe the StateServer also uses the application path as well as the SessionID to store the data so even if the SessionID's were the same you still wouldn't be able to share the data. You might have to write your own session module.

Load balancing web apps don't have this problem because the application path is the same across cluster members.

Answer 2

First, configure the sessionState element in your web.config to use cookieName="SOME_COOKIE_NAME_HERE" in both apps.

Then, just make sure the urls have the same TLD (top-level domain), i.e. app1.mydomain.com and app2.mydomain.com and you should be able to handle the Session_Start event in Global.asax and put this code:

    HttpCookie cookie = new HttpCookie("SOME_COOKIE_NAME_HERE", Session.SessionID.ToString());
    cookie.Expires = DateTime.Now.AddMinutes(20);
    cookie.Domain = "*.mydomain.com";
    cookie.HttpOnly = true;
    Response.SetCookie(cookie);

Also, I would recommend that you go with the SqlServer SessionState Mode.

Answer 3

Initially i faced the same issue. What I did is, I overide the jsession id from each domain. I mean, If the user lands on domain1.com, set the same session id for domain2.com from iframe. and vice versa. With this, you can maintain same session across multiple domains.

You need to test the impact over multiple server over network with load balancer.