I'm guetting out of ideas. I'm trying to use the same SessionState between two .Net 4 apps running under the same application pool and using mode="StateServer"
. I did a test on both app and I have a curious result: SessionID is shared, but not the actual session items.
How does it work internally? Is this a security restriction documented somewhere?
Screenshot 1 - I'm setting a session item (a simple date in TestData) in app#1 /SecureSessionTest.aspx:
Screenshot 2 - I'm reading the same session item TestData in app#2 /Apps/SecureSessionTest.aspx, but only the SessionID appears:
I can even set different data in the same Session("key")
. Weird!
They both have this in their web.config:
<machineKey validationKey='7D1094A0FC13B6656141916F69F6E25D0F112A6E94BD3EF5DAEFD9755A367C09607E7D76827AC5ACAD14456665C4E0966F632F09522475758A815A4045BF3F25' decryptionKey='F0DF9FA0522E541FF246ADD8BC285A10E984444AE4361631' validation='SHA1'/>
<sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" timeout="60" regenerateExpiredSessionId="false" cookieName="XXXXXXXX_ASP.NET_SessionId" />
Any ideas? Help is very appreciated!
Carl