we have a .Net app (solution) that detects a user login is required and does a Response.Redirect(url here) to a different .Net app (solution) that has the user supply userid/pwd to verify access. The login app then populates a Session[variable] with the results and returns to the originating page.
The problem that we're seeing is that the Session data is not returning to the originating page. We can verify that the login app populates the Session data but when we check it in the originating app it returns to, it is null. We are returning to the originating app using the Response.Redirect. We have even added a Reference to our Login app within the calling app. The message we get trying to access the Session data is 'object not set to an instance of an object'. Pretty much as if the page doesn't know anything about that Session data. If both apps are in one solution this works ok, but we would not want to include the login page within each app we write.
If Session data is not the correct method to pass data between apps what should we be using? So far we've researched:
Cookies, but they can be disabled by the user
Querystring, security issue in this instance
Application variables, seems to have the same problem as using Session variables
Cache, same issues as Session and Application variables?
Any input or assistance you could provide here would be appreciated.