Read session data of all users

O

Oleg Ogurok

Hi all,

Is there a way to read other people's session variables?
I understand it makes sense that session state is on per-user basis, but
still...
Is there a way to get a collection of all current HttpSessionState objects
on the server, or at least get a reference to a HttpSessionState objects by
session ID ?
Thanks.

-Oleg.
 
M

MasterGaurav

Yes. You can. But I am not sure if you can do it through any available
API.

Here's one suggestion:

1. Persist the session in database.
2. Use the session-ID to get the data from database.

But you will need to get it and parse it on your own. AFAIK, there's
no direct API available.

--
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------
 
P

Patrice

What is the goal from a non technical point of view ? Knowing the whole
picture may sometimes yield to better suggestions...
What kind of particular information do you need for all users ?

Patrice
 
O

Oleg Ogurok

Thanks Patrice,

I'm trying to come up with a better way to authenticate a user across
different web applications from a central place. E.g. people accessing app2
and app3 will be redirected to authenticate with app1 if their session
expires. I'm passing encrypted SessionID within URL when redirecting users
between applications.

Right now I have a separate DB table with sessions. I'm wondering if there
is a way to reuse the existing ASP.NET functionality related to
Sessions/Forms Authentication.
 
P

Patrice

There is two separate issues here IMO...

Try :
http://msdn.microsoft.com/library/d...pconformsauthenticationacrossapplications.asp
It should show how to share the ASP.NET Form authentication between several
applications and/or servers...
This is just for the authentication part.

Now for the session variables themselves you have several options :
- having a DB (such as now ? not clear if it is for session variables or
just to implement SSO)
- using the ASP.NET State Server (both are supported by changing the .NET
configuration file)

Note that the option of having each application using its own unique set of
session variables is not always obviously out. For example if each
application only need its own variables and perhaps uses only few mainly
"readonly" ones (such as a user id or stuff like that), it could still work
even though session variables are not shared accross applications...

In all cases, IMO it's not needed to read variables accross sessions. You
just need to access the current session.

Patrice

--
 
O

Oleg Ogurok

Thanks. Unfortunately, this (MSDN) method doesn't work for authenticating
accross applications located on different servers with different URLs, e.g.
http://server1.domain.com/app1, http://server2.anotherdomain.com/app2

I think I'll stick with a DB. I don't really need to implement session data
transfer, just SSO. E.g. both applications need to know the ID of the user
currently logged in, but that's about it.

-Oleg.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

accessing another user's session state 6
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How to get all values of an object 1
Data saving in condition of changing reality 0
Hi, I am a webflow user. I am looking for CSS code that can KEEP ALL ELEMENTS POSITIONED in the SAME spot across all resolutions 0
Read session from module 0
Creating Specialized Session State Store 1
Advanced Session State 2

Members online

No members online now.
Total: 33 (members: 1, guests: 32)
Robots: 445

Forum statistics

Threads
473,770
Messages
2,569,584
Members
45,075
Latest member
MakersCBDBloodSupport

Latest Threads

Top