All geek questions in one place

How to ensure that session state is NOT used for applications hosted on the same server

My question is: the opposite of the following words Sharing session state between two ASP.NET applications using SQL Server as well as How to maintain the same session identifier in multiple ASP.NET web applications .

Our application uses a state server to store session information, and we often want to host multiple versions of the same application on the same web server.

At the moment, since the ASP.NET_SessionId cookie ASP.NET_SessionId not saved with respect to any path, if I got to http://donkey.com/app1 and started a new session, then in the same browser session go to http://donkey.com/app2 , I inherit the session identifier (and therefore session state) from application 1.

Is there a way to persuade ASP.Net to set the path when it stores the session identifier cookie and thus break this unwanted exchange of session state?

+4
source share
2 answers

You will need to use different cookieName for each web application in web.config.

The default is ASP.NET_SessionId.

You can also install it programmatically. Check out this post .

+10
source

You can use subdomains to achieve this. for example, http://app1.donkey.com and http://app2.donkey.com . By default, cookies are not transmitted by domain.

Another way to do this is to specify the cookie name programmatically, based on some configuration value that determines which version you are using.

0
source

Source: https://habr.com/ru/post/1343894/

More articles:


All Articles