Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Share Session State over multiple domains but same site

Posted on 2007-11-15
7
Medium Priority
?
3,971 Views
Last Modified: 2008-02-21
I know other questions like this has been up before but I couldn't find the exakt problem so I post a new one here.

my thing is that I have one site in IIS, it's configured without hostheader, only IP

I have a bunch of domain names pointed to that IP.
example
www.mysite.com
www.myothersite.com
www.somemoresites.com

I want to share sessions between all those domains, user can navigate throw all of them.
it's really only one site, same content and all but the browser starts a new session cookie for each domain name.

how can this be solved?
0
Comment
Question by:jimmieandersson
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 9

Expert Comment

by:hismightiness
ID: 20289249
This is a great summary article that MAY help you get this done.
http://idunno.org/articles/277.aspx

This one is more detailed in its descriptions and steps:
http://www.developer.com/db/article.php/3595766

Here is the official MS documentation on this:
http://support.microsoft.com/kb/317604
http://msdn2.microsoft.com/en-us/library/ms972429.aspx

However, I am not 100% positive that this will solve the issue due to the domain name differences, but I would imagine it would work, as long as all of the domains are indeed hitting the same codebase.  You may need to rename the application names to match in IIS (if that is even possible).
0
 

Author Comment

by:jimmieandersson
ID: 20289448
Thank you very much but if I understand it correctly, this won't work.

If the situation had been the opposite. If I had multiple web-servers but all under the same domain name, they could all share session data. but thats not the case here.

the only way I have solved the problem, is with cookieless="true" as parameter in sessionState, this will automaticly add the sessionId at the URL (believe its called cookie munging)
eg: http://www.mysite.com/(S(an3pwmqyfqvrrti0whfxulvp))/Default.aspx

but this is not an acceptable solution.

maybe I have missunderstood the use of SQL Server as session state and it actually will work, please help me out a little bit more.
0
 
LVL 33

Accepted Solution

by:
raterus earned 1500 total points
ID: 20289628
That's a very tricky setup you have, because browsers are never going to send the cookie for domain1.com while requesting domain2.com, that's a major security violation.

Cookieless sessions, like you have mentioned, are the only way right now I can see this working.  Any reason (besides the ugly URL's) you do not like it?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:jimmieandersson
ID: 20289756
okey, that didn't sound to hopefull.

The ugly URL's are one of two reasons I can't accept it.
The other one is that I'm afraid that a user will copy the URL and paste it to a friend, then the friend will get logged on with the senders user account.

thank you raterus
It sounds like I have to give this up :(
0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 1500 total points
ID: 20289859
You can likely fix problem two by relating the IP to sessionID, and if they don't match, end the session immediately.  You could probably rig this up in global.asax somewhere.
0
 
LVL 9

Expert Comment

by:hismightiness
ID: 20289926
jimmieandersson: It looks like raterus' suggestion is your best bet.  

On a side note, you do not need to have a web farm to benefit (and sometimes not) from moving your session information to SQL Server.
0
 
LVL 6

Expert Comment

by:ventaur
ID: 20290049
The only way I see you getting around this to have all of the domains redirect to one of them via IIS (set a host header for myothersite.com and redirect it to mysite.com). raterus is correct; it is a huge security violation to share session cookies across domains.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question