Share session between subdomains?

Discussion in 'ASP .Net' started by Hans Kesting, May 5, 2006.

  1. Hans Kesting

    Hans Kesting Guest

    Hi,

    Is it possible to share sessions between subdomains?

    Say: the user logs in at www.company.com, and is redirected to
    my.company.com. This is a different url for the same application. Can I
    keep the session (so I still know WHO has logged in)?

    The problem (as I see it) is the session-cookie. If that has a domain
    of "www.company.com", it will not be transferred to "my.company.com".
    But: a cookie with a domain of just "company.com" will be sent to both
    subdomains. Is it possible to set the domain of the session-cookie?

    Any other suggestions, apart from storing the identity in
    application-state under some id and using that id in the redirect to
    retrieve it in the new session?


    Hans Kesting
    Hans Kesting, May 5, 2006
    #1
    1. Advertising

  2. You can keep parts of the session. To do this, set the machine keys, both
    encrypt and decrypt, to the same values on each server (not the same values
    as each other, but the keys must be the same on both). You also have to set
    the exact same cookie name. This allows the two apps to access the same
    session cookie. Session number and user name stay consistent.

    This will keep the user in session and you will be able to have single sign
    on.

    Now the bad news. If you are one that sets up a lot of user information in
    session, you will have to recreate that info with every subdomain the user
    traverses.

    One solution is to create the info every time you notice there is no user
    info. THis means multiple apps holding the same info, however. The other is
    to persist the information and grab on either a session or page
    (cache/viewstate) basis. Either one causes dupe info in memory, unless you
    grab the info each page hit (ouch).

    You can also put the info in a user cookie, but that just switches the
    persistence mechanism to the user's drive and causes you to pull from
    cookies. It has some other down sides, like the ability to turn off cookies.

    What you do depends largely on your state mechanism. Do you grab info as
    needed or use session, etc.? That will determine how much info you end up
    repeating.

    --
    Gregory A. Beamer

    *************************************************
    Think Outside the Box!
    *************************************************
    "Hans Kesting" <> wrote in message
    news:...
    > Hi,
    >
    > Is it possible to share sessions between subdomains?
    >
    > Say: the user logs in at www.company.com, and is redirected to
    > my.company.com. This is a different url for the same application. Can I
    > keep the session (so I still know WHO has logged in)?
    >
    > The problem (as I see it) is the session-cookie. If that has a domain of
    > "www.company.com", it will not be transferred to "my.company.com".
    > But: a cookie with a domain of just "company.com" will be sent to both
    > subdomains. Is it possible to set the domain of the session-cookie?
    >
    > Any other suggestions, apart from storing the identity in
    > application-state under some id and using that id in the redirect to
    > retrieve it in the new session?
    >
    >
    > Hans Kesting
    >
    >
    Cowboy \(Gregory A. Beamer\), May 5, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rahul T via .NET 247

    Sharing Session Info across subdomains

    Rahul T via .NET 247, May 4, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    494
    Rahul T via .NET 247
    May 4, 2004
  2. K. Jansma
    Replies:
    7
    Views:
    317
    Duncan Booth
    Feb 21, 2006
  3. Replies:
    1
    Views:
    350
    bruce barker
    Dec 10, 2007
  4. Saraswati lakki
    Replies:
    0
    Views:
    1,284
    Saraswati lakki
    Jan 6, 2012
  5. Kenny Lai
    Replies:
    8
    Views:
    180
    Peter Michaux
    Nov 17, 2006
Loading...

Share This Page