There is a general belief among developers this session state maintenance is always against one
Domain/site. And therefore one can not maintain the session state across different domains. Usually there is
No such requirement to maintain sessions state across different domains. But of late due to increase in the
The scope of web based applications developers feel the need to share the session state with other domains.
The other domain may is a sister concern of the same company, or May is the business-to-business partner. So the question
Arises how one can share the sessions variables across other domains easily and safely.
--------------------------------------------------------------------------------
Share Session variables across Domains
Introduction
There is a general belief among developers this session state maintenance is always against one
Domain/site. And therefore one can not maintain the session state across different domains. Usually there is
No such requirement to maintain sessions state across different domains. But of late due to increase in the
The scope of web based applications developers feel the need to share the session state with other domains.
The other domain may is a sister concern of the same company, or May is the business-to-business partner. So the question
Arises how one can share the sessions variables across other domains easily and safely.
Sharing Session variables using ASMS
Configure ASMS
Sharing session variables across domains are very easy using ASMS. ASMS Standard and Advanced both
Support Sharing Session variables. Lets assume two different domains mydomain1.com and mydomain2.com. and
The requirement is to share session variables between mydomain1.com and mydomain2.com. For simplicity
Sake lets assume one webserver for mydomain1.com and mydomain2.com. (It ' s also possible so share
Session variables between different domains hosted on same webserver). So www.mydomain1.com points to
Webserver of Domain1 and www.mydomain2.com points webserver of mydomain2.com.
Install ASMS on both webservers. Both ASMS should share a common LDAP server to share session variables.
Lets assume that common LDAP server is ldap.mydomain.com. On the webserver of mydomain1.com, open the ASMS
Admin Console.
For the,
LDAP Path Enterldap://ldap.mydomain.com:1002/o=mydomain/ou=members
Ldapadminentercn=administrator,ou=members,o=mydomain
Enter the Admin Password. Set your session time out duration. If you are want to support cookies then set
Support Cookies to True.
Click the ' Test LDAP Source ' button. If it returns ' successful ' Then ASMS has been configured
On the webserver of mydomain1.com.
Do the same on the webserver of mydomain2.com. Take care to enter the same LDAP path
(ldap://ldap.mydomain.com:1002/o= mydomain/ou=members) for the webserver of mydomain2.com. This way we
Ensure that ASMS of the both webservers point to the same LDAP Server. Test LDAP connection by clicking ' Test
LDAP source ' button. If it returns successful then ASMS has been configured properly on webserver of
Mydomain2.com also and they both point to the same LDAP server.
Start session on Webserver of mydomain1.com
One can use the functions.asp (link to function.txt) given in the sample files and include this file in
All ASP pages. If functions.asp has been used then session can is started by just calling
function on the default.asp of mydomain1.com webserver.
If function.asp is isn't used, then following code can be used to start the sessions in Default.asp page
<%
Set objsession = Server.CreateObject ("Session.management")
Objsession.sessionstart ()
Set objsession = Nothing
% >
To assign sessions variables in mydomain1.com
<%
Set objsession = Server.CreateObject ("Session.management")
Objsession.checksession ()
Objsession.setsession "givenname", John.
Objsession.setsession "SN", Anderson
Objsession.setsession "Mail", John@Anderson.com
Objsession.setsession "UserPassword", password
Objsession.setsession "Accountstatus", 1
Set objsession = Nothing
% >
To retrieve session variables
<%
Dim strFirstName, strLastName, stremailaddress
Dim strpassword, Intstatus
Set objsession = Server.CreateObject ("Session.management")
Objsession.checksession ()
strFirstName = Objsession.getsession ("givenname")
strLastName = Objsession.getsession ("sn")
stremaiaddress = Objsession.getsession ("Mail")
strpassword = Objsession.getsession ("UserPassword")
Intstatus = Objsession.getsession ("Accountstatus")
Set objsession = Nothing
% >
Sharing Session Variables
To share the sessions variables between domains, one need to pass the Sessionguid value to the other
Domain. ASMS maintains session by using this sessionguid. This can do by passing the ' sessionguid '
Cookie value to the other domain by either query string or by hidden form field.
<ahref=http://www.mydomain2.com/default.asp?sessionguid= <%= request.cookies ("SessionGUID")% > >
mydomain2.com</a>
Add few lines just after Sessionstart code in default.asp of mydomain2.com domain.
<%
Set objsession = Server.CreateObject ("Session.management")
If request.querystring ("Sessionguid") <> "" Then
Response.Cookies ("sessionguid") = Request.QueryString ("Sessionguid")
Else
Objsession.sessionstart ()
End If
Set objsession = Nothing
% >
To retrieve Mydomain1.com ' s session variables
<%
Dim strFirstName, strLastName, stremailaddress
Dim strpassword, Intstatus
Set objsession = Server.CreateObject ("Session.management")
Objsession.checksession ()
strFirstName = Objsession.getsession ("givenname")
strLastName = Objsession.getsession ("sn")
stremaiaddress = Objsession.getsession ("Mail")
strpassword = Objsession.getsession ("UserPassword")
Intstatus = Objsession.getsession ("Accountstatus")
objsession = Nothing
% >
This way we can share session variables between two different using domains.
scenarios, where sharing session Variables across Domains could be required
Sharing session variables are required in so many types of web scenarios. Some of them are-
1. Common Login between two different domains-if you don ' t want the users who have logged in
Mydomain1.com to once again is validated in mydomain2.com.
2. Sharing session variables with your business-to-business partner.
3. Developing your own ' Microsoft Passport ' like Web site.
Conclusion
Here we have seen how to ASMS one can easily share session variables across two different
Domains. This method has the been actually implemented on live web sites. Menswear.com
(http://www.menswear.com) and womenswear.net (http://www.womenswear.net) use ASMS to share session state
Across two of their domains. When the users go from menswear.com to womenswear.com, the they need not re-login.
The Users need to login is at the either menswear.com or at womenwear.com. The authentication details are shared
Between two domains.
Download sample code for this page.
Http://files.driveway.com/download/vapp03-653b18dcaf1f3ccb/28271119/Sharing+Session+Variables+Samples.zip
