Passing session data between ASP.NET Applications

7
votes

We have several ASP.NET applications deployed to a few servers. Is there a standard way to reuse session data or some other method to not require users to log in to the next application when moving from application to application if they've already authenticated? I'm hoping there's a best practices way of doing this that you guys know about. I feel like there should be something easy that I'm missing.

Thanks.

Edit: To be be more clear, the main info in the session that I'd like to pass is the authenticated userid, but possibly some other session variables as well.

5
asp.netweb-applicationssession
Authentication and session are 2 separate (although related) issues, answered the session bit on my responseeglasius

5 Answers

0
votes

It's not clear from you question if you're just concerned about logons, or if you really need to share session data between applications.

Assuming the latter, you could try something like this:

  • first, make sure all the appliations are running in the same domain. If not, all bets are off. I don't know if there's a simple way to configure the domain property of the session cookie yet, so you may have to do it yourself, by setting the cookie domain property to the domain:

    Response.Cookies["ASP.NET_SessionId"].Domain = ".mydomain.com";

  • you'll need to make sure that each application is configured to use either a common state server, or a db-backed session.

0
votes

Sharing a sign-on between applications (covered above) is quite a different ball game to sharing ASP.NET Sessions between applications.

Why do you want to share Sessions between applications?

ASP.NET Session is a metaphor for a user's current interaction with one ASP.NET application. It exists in ASP.NET to give us a place to store temporary state data between the various page requests that a user makes while using your application.

If your applications are very closely related, e.g. the user uses both at the same time, or almost the same time, you could consider merging them into a single ASP.NET application.

If your applications are not that closely related, perhaps they should be sharing the same database as a means to exchange data, or using an API e.g. based on Web Services to exchange information.

Hope that helps.