开发者

Sharing ASP.NET SessionState between 2 apps with a StateServer shares the same SessionID but not key values, why?

开发者 https://www.devze.com 2023-03-24 05:32 出处:网络
I\'m guetting out of ideas. I\'m trying to use the same SessionState between two .Net 4 apps running under the same application pool and using mode=\"StateServer\". I did a test on both app and I have

I'm guetting out of ideas. I'm trying to use the same SessionState between two .Net 4 apps running under the same application pool and using mode="StateServer". I did a test on both app and I have a curious result: SessionID is shared, but not the actual session items.

How does it work internally? Is this a security restriction documented somewhere?

Screenshot 1 - I'm setting a session item (a simple date in TestData) in app#1 /SecureSessionTest.aspx:

Sharing ASP.NET SessionState between 2 apps with a StateServer shares the same SessionID but not key values, why?

Screenshot 2 - I'm reading the same session item TestData in app#2 /Apps/SecureSessionTest.aspx, but only the SessionID appears:

Sharing ASP.NET SessionState between 2 apps with a StateServer shares the same SessionID but not key values, why?

I can even set different data in the same Session("key"). Weird!

They both have this in their web.config:

<machineKey validationKey='7D1094A0FC13B6656141916F69F6E25D0F112A6E94BD3EF5DAEFD9755A367C09607E7D76827AC5ACAD14456665C4E0966F632F09522475758A815A4045BF3F25'   decryptionKey='F0DF9FA0522E541FF246ADD8BC285A10E984444AE4361631' validation='SHA1'/>
<sessionState mode="StateServer" stateConnect开发者_如何学运维ionString="tcpip=localhost:42424" timeout="60" regenerateExpiredSessionId="false" cookieName="XXXXXXXX_ASP.NET_SessionId" />

Any ideas? Help is very appreciated!

Carl


The StateServer keys the session off of a combination of the SessionID cookie, the machine key, AND the application name.

Try having the two applications share the same application pool.

This previous question may be illuminating: Session State and Application Pool

(If my initial suggestion doesn't work please comment and I'll dig deeper)


@Ash is right, the session is based off the sessionID (which is dependent on the machine key as well as the website domain), and application name, but I did get it to work on a single site across application directories (sounds like your scenario) - see my answer on state server session - cross appDomain?

It sounds like the piece you're missing is the explicitly setting the application name in the global.asax (using reflection - I haven't found a configuration setting for this). I just found out about that after googling for the setup all morning.

0

精彩评论

暂无评论...
验证码 换一张
取 消