Asp. NET in different child domains sharing Session specific method _ practical skills

Source: Internet
Author: User
Tags sessions dedicated server

Today, I met the problem and studied it. To solve this problem, we must first understand some of the mechanism of the session. Session in the server is in the form of a hash table, we all know that sessions are conversational level, each user access will generate a conversation. So how does the server differentiate between different user sessions? And how do you bind different users ' sessions to different users? Here we look at the following is purely my personal understanding, if there are errors please testify.

Session on the server side is in the form of a hash table, distinguish each session is through the SessionID to achieve, so it can be said that the SessionID is a key is a globally unique value. We can print out the SessionID by asp.net to the following code:

Copy Code code as follows:

protected void Page_Load (object sender, EventArgs e)
{
Response.Write (Session.SessionID.ToString ());
}

So we get the value: 0julmoedn0kz3gyfnr1vksv0, a bit like a GUID, even if not the algorithm is similar, mainly to ensure global uniqueness. This achieves the purpose of distinguishing the sessions of different users. Then there is the second question, which is sessionid, but how does it bind to the corresponding visitor (user)? For example, user a access to maintain their own sessionid, User B Access also maintained their own sessionid. We all know that the Web is based on HTTP without links, and how do they do it? Yes, the answer is to store your own SessionID on the client. There are two ways to store SessionID in browsers, one of which is to use cookies, and one is to take advantage of URL parameters (which we don't use very often and are unfriendly).

The topic says cookies come up, what? Did not expect the session and cookies have such a relationship? (A lot of people know, don't bs me) Yes, when we ask for a URL, the server generates a global SessionID, and the value is stored as a cookie in the client is the browser (the URL is not discussed here). So when the user requests again, the HTTP header to the SessionID cookies to the server side, the server to find this SessionID, if found. It proves that the user's status exists.

Know this principle, our problem also has a brow, that is to use cookies to save SessionID, then we can cheat on the cooikes. We all know that Cooikes records are based on domains (for example: http://www.jb51.net/), which is also required by various browsers. If you do not do this, security will be problematic. All we have to do is to specify the parent domain of the cookie, without specifying the domain, so that the cookies can cross the subdomain. Cookies can specify fields like this:

Copy Code code as follows:

protected void Page_Load (object sender, EventArgs e)
{
response.cookies["Mycook"]. Domain = ". Jb51.net";
}

In this way, all of our level two domains are all recognized as the primary domain, such as a.jb51.net;b.jb51.net;user.jb51.net and so on. With this understanding, I think we have a few in mind, how to do, but now the problem is used to generate SessionID method is ASP.net automatic implementation, how do we interfere with it? This is done, do not actively interfere with it, but I can operate its cookies ah. Next, we will study the name of the cooike of the ASP.net deposit SessionID. It's easy to find after the Internet, the name is: Asp.net_sessionid, this is SessionId's cookie name. We can write this in session_start:

Copy Code code as follows:

protected void Session_Start (object sender, EventArgs e)
{

response.cookies["Asp.net_sessionid"]. Value = Session.SessionID.ToString ();

response.cookies["Asp.net_sessionid"]. Domain = ". Jb51.net";

}

The meaning of the code is that every time the session starts, I rewrite the Asp.net_sessionid cookie into the sessionid we already have, and specify the domain of the cookie as the parent, for example:. Jb51.net, This enables session sharing across subdomains. How simple is it?

We also have an external problem, that is, the client save the problem solved, but the server side of the session how to do? In general, our different subdomains do is to point to different servers, such as user.jb51.net dedicated a server, yellow.jb51.net a dedicated server. At this point they do not say the process, not even physical one. How to share the session? Then there's another way, and our default session is stored in the asp.net process, so we can't access each other, as shown here:

Copy Code code as follows:

<sessionstate mode= "InProc"/>

We can modify the state server approach, which is a separate service that can be used to store asp.net sessions, and it supports distributed remote hosts so that we can use a server to provide session services, as follows:

Copy Code code as follows:

<sessionstate mode= "StateServer" stateconnectionstring= "tcpip=127.0.0.1:42424" timeout= "/>"

Thus, the session sharing of different subdomains is completely realized.

In front of the URL to save SessionID way, because not commonly used, for everyone to demonstrate that the following configuration can be:

Copy Code code as follows:

<sessionstate mode= "StateServer" stateconnectionstring= "tcpip=127.0.0.1:42424" timeout= "true"/ >

The cookieless property specifies whether to save the SessionID with a cookie, and we run it to get the following look:

http://localhost:3380/(S (DQXCS455N4U2VG55IA51FVQG))/default.aspx

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.