Retain session when calling from a different website

Question

I have two website consider it as website1 and website2.

In website2 there is a login page .When a user click on the login button it will call a HTTPhandler in website1 to authenticate user.On successful authentication user information will be stored in a Session variable from handler.

Then it will redirect to a page page1.aspx in website1.But the previously set session is not available in the page1.aspx .What will be the issue?

I checked the session id in first request(when calling handler in website 1 from webiste 2) and Second request( redirecting to the page1.aspx from the handler) the session id is different.

How can i retain the session data?

Answer 1

You need to store session data in another process shared to both web site. You can do it intwo different ways:

1. Configure an SQL server
2. Configure SessionState service, a Windows service used to share informations.

In both cases you have to change both web.config files to support the new session mode. I.e. to use SQL:

Prepare a database (from command prompt):

cd \Windows\Microsoft.NET\Framework\v4.0.30319
aspnet_regsql.exe  -ssadd -E -S localhost\sqlexpress

Modify web config as following:

<sessionState mode="SQLServer"
        sqlConnectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;Initial Catalog=Test" allowCustomSqlDatabase="true"/>

You don't need to change your code.

Answer 2

Correct me if I an wrong, AFAIK different domains cannot share a single session. One way to handle this is to carry the data to the other site through cookie [encrypt the values for security], then copy this cookie value to the session in the other site receiving it and destroy the cookie.

And if the sites are in different servers you need to handle the "sticky session" so that servers share the session.