Sharing ASP.Net session between 2 websites on IIS8 does not work

1
votes

I need to share asp.net session between 2 websites on same IIS.

  • I created a custom session db and hijacked the stored procedure to return same appID regardless of app or url.

  • I created a connection string for the db in web.config:

< add name="dbConnSession" connectionString="server=xx.xxx.xx.xx.;database=ASPNETSession;User Id=xxx;Password=xxx" providerName="System.Data.SqlClient" />

  • Then I defined session state:

< sessionState allowCustomSqlDatabase="true" cookieless="AutoDetect" mode="SQLServer" sqlCommandTimeout="10" sqlConnectionString="dbConnSession" timeout="120" sqlConnectionRetryInterval="2" />

I developed the sites on my Win7 machine with IIS7 and login system works perfectly. I can login from 1 site, go to other site and stay logged in.

I moved 2 sites into the web server (windows 2012 with IIS8.5) and the shared session does not work. Sites simply does not share the session. I set a session value on one site and try to see it on the other and session value returns as null. The very same test page works on IIS7.

Does anyone know why IIS8.5 has trouble with something works on IIS7?

1
asp.netsessioniis-7session-stateiis-8.5
Session Id is stored in cookie. By default, cookie cannot be shared across domains due to security reason unless they are subdomains. What are their URLs?Win
they are subdomains. ie: site1.domain.com & site2.domain.comdvdmn
What kind of Authentication method are you using? Are you using FormAuthentication?Win
I solved the problem, I will share the solution later.dvdmn

1 Answers

0
votes

You need to add a machine key that's the same to both web config files.

If goes in system.web and looks something like this:

<machineKey validationKey="[your key]" decryptionKey="[dec key]" validation="SHA1" />

There are a few tools if you Google it that will create one for you.

There are a few reasons why you need this key, mostly because the servers might have different paths to the folder where you code lies or different IIS settings.