Share Session State over multiple domains but same site

I know other questions like this has been up before but I couldn't find the exakt problem so I post a new one here.

my thing is that I have one site in IIS, it's configured without hostheader, only IP

I have a bunch of domain names pointed to that IP.
example
www.mysite.com
www.myothersite.com
www.somemoresites.com

I want to share sessions between all those domains, user can navigate throw all of them.
it's really only one site, same content and all but the browser starts a new session cookie for each domain name.

how can this be solved?
jimmieanderssonAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
raterusConnect With a Mentor Commented:
That's a very tricky setup you have, because browsers are never going to send the cookie for domain1.com while requesting domain2.com, that's a major security violation.

Cookieless sessions, like you have mentioned, are the only way right now I can see this working.  Any reason (besides the ugly URL's) you do not like it?
0
 
hismightinessCommented:
This is a great summary article that MAY help you get this done.
http://idunno.org/articles/277.aspx

This one is more detailed in its descriptions and steps:
http://www.developer.com/db/article.php/3595766

Here is the official MS documentation on this:
http://support.microsoft.com/kb/317604
http://msdn2.microsoft.com/en-us/library/ms972429.aspx

However, I am not 100% positive that this will solve the issue due to the domain name differences, but I would imagine it would work, as long as all of the domains are indeed hitting the same codebase.  You may need to rename the application names to match in IIS (if that is even possible).
0
 
jimmieanderssonAuthor Commented:
Thank you very much but if I understand it correctly, this won't work.

If the situation had been the opposite. If I had multiple web-servers but all under the same domain name, they could all share session data. but thats not the case here.

the only way I have solved the problem, is with cookieless="true" as parameter in sessionState, this will automaticly add the sessionId at the URL (believe its called cookie munging)
eg: http://www.mysite.com/(S(an3pwmqyfqvrrti0whfxulvp))/Default.aspx

but this is not an acceptable solution.

maybe I have missunderstood the use of SQL Server as session state and it actually will work, please help me out a little bit more.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
jimmieanderssonAuthor Commented:
okey, that didn't sound to hopefull.

The ugly URL's are one of two reasons I can't accept it.
The other one is that I'm afraid that a user will copy the URL and paste it to a friend, then the friend will get logged on with the senders user account.

thank you raterus
It sounds like I have to give this up :(
0
 
raterusConnect With a Mentor Commented:
You can likely fix problem two by relating the IP to sessionID, and if they don't match, end the session immediately.  You could probably rig this up in global.asax somewhere.
0
 
hismightinessCommented:
jimmieandersson: It looks like raterus' suggestion is your best bet.  

On a side note, you do not need to have a web farm to benefit (and sometimes not) from moving your session information to SQL Server.
0
 
ventaurCommented:
The only way I see you getting around this to have all of the domains redirect to one of them via IIS (set a host header for myothersite.com and redirect it to mysite.com). raterus is correct; it is a huge security violation to share session cookies across domains.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.