• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3994
  • Last Modified:

Share Session State over multiple domains but same site

I know other questions like this has been up before but I couldn't find the exakt problem so I post a new one here.

my thing is that I have one site in IIS, it's configured without hostheader, only IP

I have a bunch of domain names pointed to that IP.
example
www.mysite.com
www.myothersite.com
www.somemoresites.com

I want to share sessions between all those domains, user can navigate throw all of them.
it's really only one site, same content and all but the browser starts a new session cookie for each domain name.

how can this be solved?
0
jimmieandersson
Asked:
jimmieandersson
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
hismightinessCommented:
This is a great summary article that MAY help you get this done.
http://idunno.org/articles/277.aspx

This one is more detailed in its descriptions and steps:
http://www.developer.com/db/article.php/3595766

Here is the official MS documentation on this:
http://support.microsoft.com/kb/317604
http://msdn2.microsoft.com/en-us/library/ms972429.aspx

However, I am not 100% positive that this will solve the issue due to the domain name differences, but I would imagine it would work, as long as all of the domains are indeed hitting the same codebase.  You may need to rename the application names to match in IIS (if that is even possible).
0
 
jimmieanderssonAuthor Commented:
Thank you very much but if I understand it correctly, this won't work.

If the situation had been the opposite. If I had multiple web-servers but all under the same domain name, they could all share session data. but thats not the case here.

the only way I have solved the problem, is with cookieless="true" as parameter in sessionState, this will automaticly add the sessionId at the URL (believe its called cookie munging)
eg: http://www.mysite.com/(S(an3pwmqyfqvrrti0whfxulvp))/Default.aspx

but this is not an acceptable solution.

maybe I have missunderstood the use of SQL Server as session state and it actually will work, please help me out a little bit more.
0
 
raterusCommented:
That's a very tricky setup you have, because browsers are never going to send the cookie for domain1.com while requesting domain2.com, that's a major security violation.

Cookieless sessions, like you have mentioned, are the only way right now I can see this working.  Any reason (besides the ugly URL's) you do not like it?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
jimmieanderssonAuthor Commented:
okey, that didn't sound to hopefull.

The ugly URL's are one of two reasons I can't accept it.
The other one is that I'm afraid that a user will copy the URL and paste it to a friend, then the friend will get logged on with the senders user account.

thank you raterus
It sounds like I have to give this up :(
0
 
raterusCommented:
You can likely fix problem two by relating the IP to sessionID, and if they don't match, end the session immediately.  You could probably rig this up in global.asax somewhere.
0
 
hismightinessCommented:
jimmieandersson: It looks like raterus' suggestion is your best bet.  

On a side note, you do not need to have a web farm to benefit (and sometimes not) from moving your session information to SQL Server.
0
 
ventaurCommented:
The only way I see you getting around this to have all of the domains redirect to one of them via IIS (set a host header for myothersite.com and redirect it to mysite.com). raterus is correct; it is a huge security violation to share session cookies across domains.
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now