My previous articleArticleI mentioned how to share the login status between second-level sites using ASP. NET form authentication,
Http://www.cnblogs.com/jzywh/archive/2007/09/23/902905.html,
Today, I want to write about how to share a session between a second-level domain name site and a second-level domain name site.
First, the session must be shared, and the sessionids between sites must be consistent. How can we ensure that sessionids are consistent?
ASP. the sessionid in. NET is the key value of the cookie stored on the client as ASP. net_sessionid is a string used to maintain the relationship between the viewer sessions. To share the sessionid between the primary site and the secondary domain site, we must first implement ASP. share the net_sessionid cookie.
Crossdomaincookiemodule
Bytes ------------------------------------------------------------------------------------------------
Public Class Crossdomaincookie: ihttpmodule { Private String M_rootdomain =String . Empty; # Region Ihttpmodule members Public Void Dispose (){} Public Void Init (httpapplication context) {m_rootdomain = configurationmanager. appsettings [ "Rootdomain" ]; Context. endrequest + = New System. eventhandler (context_endrequest );} Void Context_endrequest ( Object Sender, system. eventargs e) {httpapplication APP = sender As Httpapplication; For ( Int I = 0; I <app. Context. response. Cookies. Count; I ++) {app. Context. response. Cookies [I]. Domain = m_rootdomain ;}} # Endregion }
The module above resets the domain of all cookies to the root domain, and the root domain is set in Web. config. Someone may say that this is the domain where all cookies are overwritten. Then, he can determine the cookie name. If it is ASP. net_sessionid, the domain name is overwritten.
If the master site and the second-level domain name site are the same site, then you will share the session because the session ID is the same and the session container is the same.
If the primary site and secondary domain site are two different sites, more operations are required.
If the two sites are different servers, the solution should be simple:
1) use the same State server to store sessions.
2) set the same machinekey in the web. config of the two sites.
Machinekey settings see http://msdn.microsoft.com/zh-cn/asp.net/w8h3skw9.aspx
3) set the same name for the two sites
This is done to ensure that the siteid of the two sites is the same. siteid is the hash value of site name. Do not use the default site because the siteid of the default site is not the hash of site name.
If the two sites are on the same server, you need to modify the crossdomaincookie. This method can also be used when the two sites are on different servers:
1) use the same State server to store sessions.
2) use reflection to set the static field s_uribase value of system. Web. sessionstate. outofprocsessionstatestore
Public Class Crossdomaincookie: ihttpmodule { Private String M_rootdomain = String . Empty; # Region Ihttpmodule members Public Void Dispose (){} Public Void Init (httpapplication context) {m_rootdomain = configurationmanager. appsettings [ "Rootdomain" ]; Type stateserversessionprovider = Typeof (Httpsessionstate). Assembly. GetType ( "System. Web. sessionstate. outofprocsessionstatestore" ); Fieldinfo urifield = stateserversessionprovider. getfield ("S_uribase" , Bindingflags. Static | bindingflags. nonpublic ); If (Urifield = Null ) Throw New Argumentexception ( "Urifield was not found" ); Urifield. setvalue ( Null , M_rootdomain); context. endrequest + = New System. eventhandler (context_endrequest );} Void Context_endrequest ( Object Sender, system. eventargs e) {httpapplication APP = sender As Httpapplication; For ( Int I = 0; I <app. Context. response. Cookies. Count; I ++) {app. Context. response. Cookies [I]. Domain = m_rootdomain ;}} # Endregion }
After such modification, you can share the session.
Similarly, if you use SQL Server to store sessions, you can use a similar method to solve the session sharing problem.
Sample File Download http://files.cnblogs.com/jzywh/ShareSessionSample.zip