Http://www.cnblogs.com/xinhaijulan/archive/2010/08/21/1805116.html
Session-Shared Solutions
1. Make the client SessionID unique
For different domain names (primary domain, subdomain, cross-site domain, or cross-server domain), users get a different SessionID each time they open a page.
For users to log in only once across these sites, the SessionID problem has to be solved: the sites that share a session must all use a single SessionID. The SessionID is a string stored in the client's cookie under the key ASP.NET_SessionId (it can also be stored in the URL, which is not covered here), so the ASP.NET_SessionId value stored for each site must be the same.
Because each client creates a SessionID when it is opened, all we have to do is reset the SessionID. We can overwrite it at the end of the request in a class that implements IHttpModule.
using System;
using System.Configuration;
using System.Reflection;
using System.Web;
using System.Web.SessionState;

public class MakeSessionIDOneOnly : IHttpModule
{
    // Root domain shared by all participating sites (appSettings key "RootDomain").
    private string m_RootDomain = string.Empty;

    #region IHttpModule Members
    public void Dispose()
    {
    }

    public void Init(HttpApplication context)
    {
        m_RootDomain = ConfigurationManager.AppSettings["RootDomain"];

        // Overwrite the private static s_uribase field of the out-of-process
        // session store so every application that loads this module uses the
        // same value. This relies on a non-public implementation detail.
        Type stateServerSessionProvider = typeof(HttpSessionState).Assembly.GetType("System.Web.SessionState.OutOfProcSessionStateStore");
        FieldInfo uriField = stateServerSessionProvider.GetField("s_uribase", BindingFlags.Static | BindingFlags.NonPublic);
        if (uriField == null)
            throw new ArgumentException("uriField is not found");
        uriField.SetValue(null, m_RootDomain);

        context.EndRequest += new System.EventHandler(context_EndRequest);
    }

    void context_EndRequest(object sender, System.EventArgs e)
    {
        HttpApplication app = sender as HttpApplication;
        for (int i = 0; i < app.Context.Response.Cookies.Count; i++)
        {
            // Scope the session cookie to the root domain so that every
            // site under that domain receives the same SessionID.
            if (app.Context.Response.Cookies[i].Name == "ASP.NET_SessionId")
            {
                app.Context.Response.Cookies[i].Domain = m_RootDomain;
            }
        }
    }
    #endregion
}
To use the above code, you must configure the following node entry:
<add name="node name" type="class name, assembly" />
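A browser discards a cookie whose Domain attribute does not cover the host that sent it, so assigning the root domain unconditionally breaks the session when a site is reached by IP address or under another name. The following is an added example, not code from the original article, of a host check that could guard the Domain assignment; the class name, method name and example.com are assumptions.

```csharp
using System;

// Added example: decide whether a cookie Domain value is valid for the
// host that served the response. Names and hosts are hypothetical.
public static class CookieDomainCheck
{
    // True when host equals rootDomain or is a subdomain of it.
    // Matching is done on a label boundary, so "badexample.com" does not
    // match "example.com". No public-suffix list is consulted.
    public static bool HostIsInDomain(string host, string rootDomain)
    {
        if (string.IsNullOrEmpty(host) || string.IsNullOrEmpty(rootDomain))
            return false;

        string h = host.Trim().TrimEnd('.').ToLowerInvariant();
        string d = rootDomain.Trim().Trim('.').ToLowerInvariant();

        // Refuse single-label values such as "com" or "localhost".
        if (d.Length == 0 || d.IndexOf('.') < 0)
            return false;

        return h == d || h.EndsWith("." + d, StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed sample hosts; "example.com" stands in for RootDomain.
        string root = "example.com";
        string[] hosts =
        {
            "www.example.com", "shop.example.com", "example.com",
            "badexample.com", "example.com.test", "127.0.0.1"
        };

        foreach (string host in hosts)
        {
            string action = HostIsInDomain(host, root)
                ? "set Domain=" + root
                : "leave cookie host-only";
            Console.WriteLine("{0,-18} -> {1}", host, action);
        }
    }
}
```

Inside the module, the host to test would be app.Context.Request.Url.Host, with the Domain assignment skipped when the check returns false.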
2. Share the session values
Configure the sessionState node to use StateServer or SQL Server so that session data is shared.
To share sessions across servers, you must also configure machineKey in Web.config:
<machineKey decryptionKey="fd69b2eb9a11e3063518f1932e314e4aa1577bf0b824f369" validationKey="5f32295c31223a362286dd5777916fcd0fd2a8ef882783fd3e29ab1fcdfe931f8fa45a8e468b7a40269e50a748778cbb8db2262d44a86bbcea96dca46cbc05c3" validation="SHA1" decryption="Auto" />
In addition, the sites on the different servers must use the same Web.config, and the site directory configuration must be the same.
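The machineKey values must be identical on every server that shares sessions, but they should be generated for the deployment rather than copied from a published sample. The following is an added example, not code from the original article, that generates keys of the same lengths as the element above (24-byte decryptionKey, 64-byte validationKey) and checks that a configured value is well-formed hex; the class and method names are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example: generate and sanity-check <machineKey> values.
// Class and method names are hypothetical.
public static class MachineKeyTool
{
    // Returns byteLength cryptographically random bytes as upper-case hex.
    public static string NewHexKey(int byteLength)
    {
        byte[] buffer = new byte[byteLength];
        RandomNumberGenerator.Create().GetBytes(buffer);
        return BitConverter.ToString(buffer).Replace("-", "");
    }

    // True when value is exactly byteLength bytes of hex, with no stray
    // whitespace or other characters left over from copying.
    public static bool IsHexKey(string value, int byteLength)
    {
        if (value == null || value.Length != byteLength * 2)
            return false;
        foreach (char c in value)
        {
            if (!Uri.IsHexDigit(c))
                return false;
        }
        return true;
    }

    public static void Main()
    {
        // Lengths match the sample element: 24 and 64 bytes.
        string decryptionKey = NewHexKey(24);
        string validationKey = NewHexKey(64);

        Console.WriteLine(
            "<machineKey decryptionKey=\"{0}\" validationKey=\"{1}\" " +
            "validation=\"SHA1\" decryption=\"Auto\" />",
            decryptionKey, validationKey);

        // Constructed defect: a space pasted into the middle of a key.
        string pasted = validationKey.Insert(100, " ").Remove(128);
        Console.WriteLine("generated key valid: {0}", IsHexKey(validationKey, 64));
        Console.WriteLine("pasted key valid:    {0}", IsHexKey(pasted, 64));
    }
}
```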
2.1. Using StateServer:
The server that stores the session must have the ASP.NET State Service (StateServer) running. The session is lost only if that machine is restarted.
<sessionState cookieless="false" timeout="minutes" mode="StateServer" stateConnectionString="tcpip=IPAddress:42424" />
If StateServer runs on the local machine, IPAddress is 127.0.0.1. If StateServer runs on a remote server, IPAddress is that server's IP address, and the registry on that server must be modified as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\Parameters]
"Port"=dword:0000a5b8
"AllowRemoteConnection"=dword:00000001
2.2. Using SQL Server:
The SQL Server Agent service must be running. This service is responsible for clearing expired sessions; without it, sessions never expire.
With SQL Server, the session is not lost when the machine restarts.
Web.config configuration:
<sessionState mode="SQLServer" sqlConnectionString="server=DBIPAddress;uid=myID;pwd=myPWD;" />
Database configuration:
Using the aspnet_regsql.exe tool
Since ASP.NET 2.0, Microsoft has provided the aspnet_regsql.exe tool to configure the session database easily. The tool is located in the %SystemRoot%\Microsoft.NET\Framework\<version number> folder on the web server.
Example of use:
aspnet_regsql.exe -S . -U sa -P 123456 -ssadd -sstype p
-S parameter:
The database instance name. You can use "." to represent the local machine.
-U and -P parameters:
The user name and password.
-E parameter:
Use either -U and -P or -E. -E logs in to the database as the current system user through Windows authentication; -U and -P log in to the database as a SQL Server user.
-ssadd / -ssremove parameters:
-ssadd adds the session database, and -ssremove removes the session database.
-sstype parameter description:
Option | Description
t | Stores session data in the SQL Server tempdb database. This is the default setting. If session data is stored in the tempdb database, session data is lost when you restart SQL Server.
p | Stores session data in the ASPState database instead of the tempdb database.
c | Stores session data in a custom database. If you specify the c option, you must also use the -d option to give the name of the custom database.
sessionState parameter description:
Property | Description
allowCustomSqlDatabase | Optional Boolean property. Specifies whether the session-state SQL database can be a custom database (rather than the ASP.NET default database). If false, an initial catalog or database cannot be specified in the value of the sqlConnectionString property. The default session-state SQL database is the ASPState database. For more information, see Session-state mode. This property is new in the .NET Framework version 2.0. The default value is false.
cookieless | Optional HttpCookieMode property. Specifies how cookies are used for a web application. The cookieless property can be one of the following possible values. The default value is UseCookies.
    Value | Description
    AutoDetect | ASP.NET determines whether the requesting browser or device supports cookies. If the requesting browser or device supports cookies, AutoDetect uses cookies to retain user data; otherwise an identifier is used in the query string. If the browser or device supports cookies but cookies are currently disabled, the requesting feature will still use cookies.
    UseCookies | Cookies are used to retain user data regardless of whether the browser or device supports cookies.
    UseDeviceProfile | ASP.NET determines whether to use cookies based on the HttpBrowserCapabilities setting. If the HttpBrowserCapabilities setting indicates that the browser or device supports cookies, a cookie is used; otherwise, an identifier is used in the query string.
    UseUri | The calling feature uses the query string to store an identifier, regardless of whether the browser or device supports cookies.
cookieName | Optional String property. Specifies the name of the cookie that stores the session identifier. This property is new in the .NET Framework version 2.0. The default value is "ASP.NET_SessionId".
customProvider | Optional String property. Specifies the name of the custom session-state provider that is used to store and retrieve session-state data. This provider is specified in the providers element. The provider is used only when the session-state mode is set to the Custom value. For more information, see Session-state mode. This property is new in the .NET Framework version 2.0. The default value is an empty string ("").
mode | Optional SessionStateMode property. Specifies the location where session-state values are stored. For more information, see Session-state mode. The mode property can be one of the following possible values. The default value is InProc.
    Value | Description
    Custom | Session state uses a custom data store to store session-state information.
    InProc | Session state is in process with the ASP.NET worker process.
    Off | Session state is disabled.
    SQLServer | Session state uses an out-of-process SQL Server database to store state information.
    StateServer | Session state uses the out-of-process ASP.NET State Service to store state information.
partitionResolverType | Optional String property. Specifies where session state is stored. If a value is specified in the partitionResolverType property, the sqlConnectionString and stateConnectionString properties are ignored. The connection string returned by the partitionResolverType property is used for each request, connecting to the appropriate server location for the remainder of the request. If the connection string is not valid, ASP.NET throws the same exception that is thrown when the configured server connection string is invalid. This property is used to partition session-state data across multiple back-end nodes in SQL Server or StateServer mode. This property is new in the .NET Framework version 2.0. The default value is an empty string.
regenerateExpiredSessionId | Optional Boolean property. Specifies whether to reissue the session ID when the client specifies an expired session ID. By default, the session ID is reissued only for cookieless mode when regenerateExpiredSessionId is enabled. For more information, see IsCookieless. This property is new in the .NET Framework version 2.0. The default value is true.
sqlCommandTimeout | Optional TimeSpan property. Specifies the time-out (in seconds) of SQL commands that use the SQL Server session-state mode. The time-out is the time, in seconds, that a SQL command can be idle before the command is canceled. This property is new in the .NET Framework version 2.0. The default value is 0:00:30 (30 seconds).
sqlConnectionString | Optional String property. Specifies the connection string for the computer running SQL Server. This property is required when the mode property is set to the SQLServer value. For more information, see Session-state mode. Attention: To increase the security of your application when using SQLServer mode, use protected configuration to encrypt the configured sessionState section to help protect the sqlConnectionString value. The default value is "data source=127.0.0.1;Integrated Security=SSPI".
stateConnectionString | Optional String property. Specifies the server name or address and the port where session state is stored remotely. The port value must be 42424. This property is required when mode is the StateServer value. Ensure that the server running the ASP.NET State Service is the remote server that stores the session-state information. The service is installed with ASP.NET and is located by default at %SystemRoot%\Microsoft.NET\Framework\VersionNumber\aspnet_state.exe. For more information, see Session-state mode. Attention: To increase the security of your application when using StateServer mode, use protected configuration to encrypt the configured <sessionState> section to help protect the stateConnectionString value. The default value is "tcpip=127.0.0.1:42424".
stateNetworkTimeout | Optional TimeSpan property. Specifies the time (in seconds) that the TCP/IP network connection between the web server and the state server can be idle before the request is canceled. This property is used when the mode property is set to the StateServer value. The default value is 10 seconds.
timeout | Optional TimeSpan property. Specifies the number of minutes that a session can be idle before it is discarded. For in-process and state server modes, the timeout property cannot be set to a value greater than 525,601 minutes (1 year). The session timeout configuration setting applies only to ASP.NET pages. Changing the session timeout value does not affect the session time-out of ASP pages. Similarly, changing the session time-out of ASP pages does not affect the session time-out of ASP.NET pages. The default value is 20 minutes.
useHostingIdentity | Optional Boolean property. Specifies whether session state reverts to the hosting identity or uses client impersonation. If true, ASP.NET uses one of the following process credentials to connect to the session-state store: the hosting process identity (ASPNET for Microsoft Internet Information Services [IIS] versions 5 and 5.1, NETWORK SERVICE for Microsoft Windows Server 2003), or the application impersonation identity, which is used when the following configuration is present: <identity impersonate="true" userName="user" password="pwd" />. If false, ASP.NET uses the credentials currently associated with the operating-system thread of the current request to connect to the session-state store. For client impersonation, ASP.NET uses the security credentials negotiated with the browser to connect to the session-state store. If false, ASP.NET does not revert to the process identity or the application impersonation identity when connecting to the session-state store. For more information, see ASP.NET impersonation. This property is new in the .NET Framework version 2.0. The default value is true. Note: In the .NET Framework version 1.1, if the mode property is set to SQLServer and client impersonation is in effect, ASP.NET connects to the computer running SQL Server using the client credentials from ASP.NET impersonation.
Inherited properties | Optional properties. Properties that are inherited by all section elements.
Xinhaijulan
Source: http://xinhaijulan.cnblogs.com
Copyright of this article belongs to the author and Blog Park. Reprinting is welcome, but unless the author agrees otherwise, this paragraph must be retained and a link to the original must be given in an obvious location on the article page; otherwise the right to pursue legal responsibility is reserved.