I manage shared session state across 2 production web servers using SQL Server database.
Recently I realized (And I am almost sure that this wasn't the case before) that the session is not really shared when jumping from server to server.
Both servers run the same website on the same domain and are balanced using a hardware load balancer. Both run under IIS7. And in both servers the ASP.NET State Service is running.
When inspecting the HTTP headers and cross referencing with SQL profiler captures I found what I think might be the problem.
The SessionId value in my cookies is a 24 character string, e.g: y4hfairc2xbwlupkdsqpv0nz
The SessionID as recieved by the ASPState database and as stored there is longer and has server specific 8 character postfix. e.g. 2476b033 or 2b7731d2 which is consistent across all sessions stored in the database.
The SessionIDs therefore look like: y4hfairc2xbwlupkdsqpv0nz2476b033 or y4hfairc2xbwlupkdsqpv0nz2b7731d2
Obviously because of that the session is not shared and each server maintains its own session state.
Anyone using a similar configuration that might have encountered this before?
Thanks
update
Turns out here: SessionId saved in SQL Server is different from the one generated from the asp.net runtime that the extra characters are the IIS AppID. Now I have to find out how to change it so both servers will match. So far no luck.
Anyone?
