share session between more than one web application

RE: share session between more than one web application

You can and can't do what you desire. You can initiate a single sign on
mechanism by using the same encryption keys and cookie name for your
applications. This works well when the apps are on the same machine or web
farm.

Session variables, however, cannot be shared. There are a couple of ways
around this:

1. Set up a service that holds the session key along with pertinent session
information. Call that service when an application does not have the
information and keep the information in session in each app.

2. Place data in a database when the first app is hit. If a second app is
missing session info, grab it. This is essentially the same as version 1, but
the database is the key link.

NOTE: Try to persist as little data as possible.

Another option, if everything is under the same domain name, is to set up
cookies that can be read across apps.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************** ************
Think Outside the Box!
*************** ************


"Ahmed" wrote:
[color=blue]
> Dear All,
> I have three web applications that I want to provide one single web
> interface to all of them.
> If I am able to share the session between them, It will be great. so is this
> possibel?[/color]

Re: share session between more than one web application

Cowboy (Gregory A. Beamer) - MVP wrote:[color=blue]
> "Ahmed" wrote:
>[color=green]
> > Dear All,
> > I have three web applications that I want to provide one single web
> > interface to all of them.
> > If I am able to share the session between them, It will be great. so is this
> > possibel?[/color]
> You can and can't do what you desire. You can initiate a single sign on
> mechanism by using the same encryption keys and cookie name for your
> applications. This works well when the apps are on the same machine or web
> farm.
>
> Session variables, however, cannot be shared. There are a couple of ways
> around this:
>
> 1. Set up a service that holds the session key along with pertinent session
> information. Call that service when an application does not have the
> information and keep the information in session in each app.
>
> 2. Place data in a database when the first app is hit. If a second app is
> missing session info, grab it. This is essentially the same as version 1, but
> the database is the key link.
>
> NOTE: Try to persist as little data as possible.
>
> Another option, if everything is under the same domain name, is to set up
> cookies that can be read across apps.
>[/color]

I'm currently working on something that might be considered to be 6
seperate web applications. It's composed of about 10 different projects
now. Some of these are plain class libraries, which encapsulate
functionality that is used by more than one of the web projects.

One is a basic web project that just references the other web projects.
It lives in a virtual directory of IIS, and is the only one marked as
an application. The others live in subdirectories (and I have to go
into IIS manager every time I add a new one and turn *off* the
application for these, and delete web.config from these directories).

Login is done within the basic root project. It then redirects to
either a) The project which the user is authorised to use, or b) a
selection page, if they are authorised for multiple projects.

Session is shared, single sign on works, and where webprojects don't
need to know about each other, they're not referenced by each other.
Disadvantages: There is only one application. If you need to recycle
one of the projects, you have to recycle all of them. I suppose I could
use additional web.configs within the subdirectories if I needed to
vary some of the behaviour, but so far one web.config has met all of my
needs.

Damien