Is this how session and application variables work?

[Victor]

I've got two domain names sharing the same IP address that use ASP VBScript

If I set a session variable with domain 1, it is only available for domain 1 - this is
correct?

If I set an application variable with domain 1, the app variable is sharing across all
domains using that IP address - this is correct?

This is the behavior I am seeing and I want to make sure that my server is set up
correct. I especially want to make sure application variable behavior is correct.

Thank you!

 

[Slim]

session variables are for the same web application only, are you talking
about the same web application accessed via 2 domains?

 

[Anthony Jones]

I've got two domain names sharing the same IP address that use ASP VBScript

If I set a session variable with domain 1, it is only available for domain 1 - this is
correct?

If I set an application variable with domain 1, the app variable is sharing across all
domains using that IP address - this is correct?

Nope. The problem is that inorder for the server to identify the session it
sets a session cookie which is sent to the browser. The session cookie will
be rooted in a URL which represents the root of the application. If you use
two different domain names to access the same website they cannot share
sessions.

Eg.

A website is accessed as MyServer as well as MyServer.mydomain.com

It has an application called myapp

Visting http://MyServer/MyApp/Default.asp results in the browser receiving a
session cookie rooted at http://MyServer/MyApp/

Now if in the same browser session you visit another page say
http://MyServer/MyApp/SomeFolder/somepage.asp
the session cookie for http://MyServer/MyApp/ is included in the request
because the root path for the cookie matches the URL requested. This
enables ASP to access session variables that may have be created by
Default.asp earlier because the cookie identifies the session.

Now if, again in the same browser session, you visit yet another page say
http://MyServer.mydomain.com/MyApp/AnotherPage.asp the root path of this URL
does not match the path for which the earlier session cookie was created.
Hence the session cookie is not sent in this request. The server sees
request as needing a new session and does not have any idea about the other
session.

Hope this is clear,

Anthony.

 

[Victor]

I understand your session explanation - thanks! It's the application variable that has
me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP address (domain
aliases), then I thought that their APPLICATION variables, set and read from the domain
root, would still be different. I'm surprised to see that an app variable set with the
first domain is also available to the aliased second domain.

Vic

 

[Bob Barrows [MVP]]

I understand your session explanation - thanks! It's the application
variable that has me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP
address (domain aliases), then I thought that their APPLICATION
variables, set and read from the domain root, would still be
different. I'm surprised to see that an app variable set with the
first domain is also available to the aliased second domain.

Vic

I know it's a silly question, but it's got to be asked: have you taken steps
to ensure that the variable value will be different depending on the domain
in which it's running? I mean, you're not just setting an app variable to a
value in the global.asa file and expecting it to only be set in one of the
domains in which it runs are you?

 

[Anthony Jones]

I understand your session explanation - thanks! It's the application variable that has
me perplexed.

If www.mydomain1.com and www.mydomain2.com both share the same IP address (domain
aliases), then I thought that their APPLICATION variables, set and read from the domain
root, would still be different. I'm surprised to see that an app variable set with the
first domain is also available to the aliased second domain.

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

 

[Victor]

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

 

[Victor]

Sorry misunderstood your question. Yes the behaviour you are seeing is
correct. The ASP application has not interest in the domain name(s) used to
access it and does not depend on anything from the client to identify the
application. Hence all urls which ultimate resolve to the application folder
(or one of its sub-folders) will identify with the same application on the
web server and will share any application variables.

Anthony.

This makes sense. Thank, Anthony.

Vic