Solved

Share Session State over multiple domains but same site

Posted on 2007-11-15
7
3,859 Views
Last Modified: 2008-02-21
I know other questions like this has been up before but I couldn't find the exakt problem so I post a new one here.

my thing is that I have one site in IIS, it's configured without hostheader, only IP

I have a bunch of domain names pointed to that IP.
example
www.mysite.com
www.myothersite.com
www.somemoresites.com

I want to share sessions between all those domains, user can navigate throw all of them.
it's really only one site, same content and all but the browser starts a new session cookie for each domain name.

how can this be solved?
0
Comment
Question by:jimmieandersson
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 9

Expert Comment

by:hismightiness
ID: 20289249
This is a great summary article that MAY help you get this done.
http://idunno.org/articles/277.aspx

This one is more detailed in its descriptions and steps:
http://www.developer.com/db/article.php/3595766

Here is the official MS documentation on this:
http://support.microsoft.com/kb/317604
http://msdn2.microsoft.com/en-us/library/ms972429.aspx

However, I am not 100% positive that this will solve the issue due to the domain name differences, but I would imagine it would work, as long as all of the domains are indeed hitting the same codebase.  You may need to rename the application names to match in IIS (if that is even possible).
0
 

Author Comment

by:jimmieandersson
ID: 20289448
Thank you very much but if I understand it correctly, this won't work.

If the situation had been the opposite. If I had multiple web-servers but all under the same domain name, they could all share session data. but thats not the case here.

the only way I have solved the problem, is with cookieless="true" as parameter in sessionState, this will automaticly add the sessionId at the URL (believe its called cookie munging)
eg: http://www.mysite.com/(S(an3pwmqyfqvrrti0whfxulvp))/Default.aspx

but this is not an acceptable solution.

maybe I have missunderstood the use of SQL Server as session state and it actually will work, please help me out a little bit more.
0
 
LVL 33

Accepted Solution

by:
raterus earned 500 total points
ID: 20289628
That's a very tricky setup you have, because browsers are never going to send the cookie for domain1.com while requesting domain2.com, that's a major security violation.

Cookieless sessions, like you have mentioned, are the only way right now I can see this working.  Any reason (besides the ugly URL's) you do not like it?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jimmieandersson
ID: 20289756
okey, that didn't sound to hopefull.

The ugly URL's are one of two reasons I can't accept it.
The other one is that I'm afraid that a user will copy the URL and paste it to a friend, then the friend will get logged on with the senders user account.

thank you raterus
It sounds like I have to give this up :(
0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 500 total points
ID: 20289859
You can likely fix problem two by relating the IP to sessionID, and if they don't match, end the session immediately.  You could probably rig this up in global.asax somewhere.
0
 
LVL 9

Expert Comment

by:hismightiness
ID: 20289926
jimmieandersson: It looks like raterus' suggestion is your best bet.  

On a side note, you do not need to have a web farm to benefit (and sometimes not) from moving your session information to SQL Server.
0
 
LVL 6

Expert Comment

by:ventaur
ID: 20290049
The only way I see you getting around this to have all of the domains redirect to one of them via IIS (set a host header for myothersite.com and redirect it to mysite.com). raterus is correct; it is a huge security violation to share session cookies across domains.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question