Solved

Share Session State over multiple domains but same site

Posted on 2007-11-15
Last Modified: 2008-02-21
I know other questions like this have been up before, but I couldn't find the exact problem, so I post a new one here.

My thing is that I have one site in IIS; it's configured without a host header, only IP.

I have a bunch of domain names pointed to that IP.
Example:
www.mysite.com
www.myothersite.com
www.somemoresites.com

I want to share sessions between all those domains; the user can navigate through all of them.
It's really only one site, same content and all, but the browser starts a new session cookie for each domain name.

How can this be solved?
Question by:jimmieandersson
LVL 9

Expert Comment

by:hismightiness
ID: 20289249
This is a great summary article that MAY help you get this done.
http://idunno.org/articles/277.aspx

This one is more detailed in its descriptions and steps:
http://www.developer.com/db/article.php/3595766

Here is the official MS documentation on this:
http://support.microsoft.com/kb/317604
http://msdn2.microsoft.com/en-us/library/ms972429.aspx

However, I am not 100% positive that this will solve the issue due to the domain name differences, but I would imagine it would work, as long as all of the domains are indeed hitting the same codebase.  You may need to rename the application names to match in IIS (if that is even possible).
0
 

Author Comment

by:jimmieandersson
ID: 20289448
Thank you very much, but if I understand it correctly, this won't work.

If the situation had been the opposite, if I had multiple web servers but all under the same domain name, they could all share session data. But that's not the case here.

The only way I have solved the problem is with cookieless="true" as a parameter in sessionState; this will automatically add the session ID to the URL (I believe it's called cookie munging),
e.g.: http://www.mysite.com/(S(an3pwmqyfqvrrti0whfxulvp))/Default.aspx

But this is not an acceptable solution.

Maybe I have misunderstood the use of SQL Server as session state and it actually will work; please help me out a little bit more.
0
 
LVL 33

Accepted Solution

by:
raterus earned 1500 total points
ID: 20289628
That's a very tricky setup you have, because browsers are never going to send the cookie for domain1.com while requesting domain2.com; that's a major security violation.

Cookieless sessions, like you have mentioned, are the only way right now I can see this working.  Any reason (besides the ugly URLs) you do not like it?
0

 

Author Comment

by:jimmieandersson
ID: 20289756
Okay, that didn't sound too hopeful.

The ugly URLs are one of two reasons I can't accept it.
The other one is that I'm afraid that a user will copy the URL and paste it to a friend, then the friend will get logged on with the sender's user account.

Thank you, raterus.
It sounds like I have to give this up :(
0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 1500 total points
ID: 20289859
You can likely fix problem two by relating the IP to sessionID, and if they don't match, end the session immediately.  You could probably rig this up in global.asax somewhere.
0
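
The IP-to-session check suggested in the post above, written for Global.asax as an added example; it is not code posted by anyone in this thread. The session key name is an assumption of the example, and the handler answers a mismatch with a 403 rather than a redirect.

```csharp
// Global.asax.cs (added illustration, not code from the thread).
using System;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical session key chosen for this example.
    private const string BoundIpKey = "__BoundClientIp";

    // AcquireRequestState is the first pipeline event in which
    // session state has been loaded for the current request.
    protected void Application_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.Session == null)
        {
            return; // request served by a handler without session state
        }

        // Address of the direct peer. Behind a reverse proxy or load
        // balancer this is the proxy's address, not the end user's.
        string clientIp = ctx.Request.UserHostAddress;
        string boundIp = ctx.Session[BoundIpKey] as string;

        if (boundIp == null)
        {
            // First request of this session: record where it started.
            ctx.Session[BoundIpKey] = clientIp;
            return;
        }

        if (!string.Equals(boundIp, clientIp, StringComparison.Ordinal))
        {
            // The session ID arrived from a different address, for
            // example a cookieless URL pasted to another person.
            // End the session and refuse the request.
            ctx.Session.Abandon();
            ctx.Response.StatusCode = 403;
            ctx.ApplicationInstance.CompleteRequest();
        }
    }
}
```

Clients whose address changes mid-session (mobile networks, rotating proxies) will be logged out by this check, and two users behind the same NAT address are not distinguished by it.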
 
LVL 9

Expert Comment

by:hismightiness
ID: 20289926
jimmieandersson: It looks like raterus' suggestion is your best bet.  

On a side note, you do not need to have a web farm to benefit (and sometimes not) from moving your session information to SQL Server.
0
 
LVL 6

Expert Comment

by:ventaur
ID: 20290049
The only way I see you getting around this is to have all of the domains redirect to one of them via IIS (set a host header for myothersite.com and redirect it to mysite.com). raterus is correct; it is a huge security violation to share session cookies across domains.
0
