Session management in ASP.NET.

Question

Session management in ASP.NET.

I just had a question about session management in ASP.NET. I looked at 3 options in IIS (InProc, StateServer, and SQL Server), and I had problems deploying session duration on multiple servers and in multiple web applications. Are there other options available for managing sessions, cross-subdomains (from the same parent), and multiple web applications in each domain?

I will give you an example: Imagine the website www.thisismysite.com.au. When I log in, I go to login.thisismysite.com.au. while browsing the site, I go to www.thisismysite.com.au/MyWebApp/. What I'm trying to achieve is to keep the session stored in all three links. I know about one third-party tool that can do this, Groat SessionFarm, but I wonder if there are others there? In addition, there is a combination of SSL / non SSL, if that matters.

Note. I don’t care about identity, I can implement Windows Identity Foundation (or the like) and send applications around all three places. I am persistent after the session.

Thanks heaps Lee

EDIT: I ended up going with a third-party piece of code that we could customize for our purposes. It works great, and by buying the source code, we can update it as we need.

+6

asp.net session stateserver

lkoutzas Aug 08 '11 at 1:38

source share

5 answers

A rogers · Answer 1 · 2012-02-21T21:27:58+0000

The State Server or repository in SQL Server should work just fine for what you are trying to do - even in multiple applications, but you must remember that all applications must have the same MachineKey.

ASPNET-load-balancing-and-ASPNET-state-server

NTN

Gregory thomson · Answer 2 · 2011-08-08T02:04:30+0000

Sounds like you might need distributed caching?

This post may give you some options to take a look - Distributed Cache / Session Solution for ASP.NET Web Application

I'm a little new to this area, but I'm working on using Microsoft Azure AppFabric caching for session state in my current MVC / ASP.NET project, since Azure web applications do not provide good parameters for session state per se.

I believe that the links in the above record are similar to Azure AppFabric caching and can also handle session state. I have not worked with any of them, so I can not vouch for reliability. Just start this aspect in my own application this weekend.

Greg

James johnson · Answer 3 · 2011-08-08T16:40:53+0000

One option is to manage session state through SQL Server, or you can look at something like NCache to manage state on multiple servers.

H27studio · Answer 4 · 2012-01-05T01:16:16+0000

A production server or SQL server should work. At least for http. The Https request may need to end at the same IP address ... Not sure about that.

You can also use a hardware load balancer / switch that supports sessions. They send the initial request from the user to the server, and the following requests from this user are always sent to the same server. (or they try)

To exchange sessions for only one web application, but to share sessions between applications, what I do at my work is to use classic asp sessions (to support legacy, but asp.net is also valid) when the user logs in , they are created on asp, and they are read from a file named session.asp (the name does not matter) that the file returns values when called from .net, which executes a web request.

For example: session.asp? session_name = the username is called from any local .net application and answers "John", so "John" is inside the session ["session_name"] and session.asp (or aspx, php or something else you want) just writes the text in answer.

I'm not sure if this is clear ... This is a dirty and easy way to do it. At my company, we use it for approximately 300 concurrent users who have tons of sessions each, and seem to work very nicely. Hope it helps .; -)

Shahdat · Answer 5 · 2012-01-05T13:28:13+0000

One of the direct ways to handle multiple web applications using a cache instead of a session.

In this case, the cache key will be a combination of the IP address of the user and the user. Since the cache never expires by default, so you should know with the cache duration

int timeout=20; string key= userid+System.Web.HttpContext.CurrentRequest.ServerVariables("REMOTE_ADDR"); //Set Cache.Insert(key, value, null, DateTime.Now.AddMinutes(timeout), Cache.NoSlidingExpiration); //Get var value=Cache[key];

When logging out, do not forget to delete the cache

 Cache.Remove(key);

Session management in ASP.NET.

More articles: