How can i share the same session state across different web apps using Azure Redis Cache Session State Provider?
My Web.configs for both applications are like that:
<sessionState mode="Custom" customProvider="MySessionStateStore">
<providers>
<add name="MySessionStateStore"
type="Microsoft.Web.Redis.RedisSessionStateProvider"
port="6380"
host="[myhostname].redis.cache.windows.net"
accessKey="[mykey]"
throwOnError="true"
applicationName="[mySharedAppName]"
ssl="true" />
</providers>
There are typically two things you need to do:
Set the applicationName attribute to the same string value in the web.config of both apps.
If the apps are in different IIS sites or different servers, you may need to change the cookie scope for the ASP.NET_SessionId cookie that ASP.NET sends to the browser for you behind the scenes. You'll get into trouble if the scope of that session cookie doesn't encompass both apps: the web browsers will use different session cookies and your sessions won't be shared. But if you just have two app directories under the same site then you shouldn't need to think about this.
Related
Can ASP.NET applications in a common application pool share session information if they are in separate threads in a single worker process? One of my applications is having issues related to not having any of the session information it needs from the other application, but I used Trace.axd to confirm that requests to each application are using the same session identifier.
I resolved the issues we were experiencing by making our applications "cookieless".
I updated the web.config file for the applications as follows:
<!--sessionState mode="InProc" cookieless="false" timeout="30" /-->
<sessionState mode="InProc" cookieless="true" timeout="30" />
If anyone can explain why this works, I would appreciate the education.
Thank you to all who offered suggestions.
ASP.NET session is scoped "within" application if using out-of-the-box session providers, so each application will have its own session even if the session id/key value appears to be the same. But since the requests to each application are using the same session identifier value, you appear to be well set to implement a custom SessionStateStoreProvider that can store/retrieve data using this identifier across both applications.
You could also have a look at Sharing sessions across applications using the ASP.NET Session State Service, but since this approach involves modifying the workings of the stock SQL session store provider, you'd risk spillover effects on other sites/applications.
I thik it could be helpfull Sharing Aspnet Session across different domains there's no other way.
you cannot share a session between different domain.
there's another solution that could be pass all data via querystring to the other domain so it can rebuild the right session values.
Personally i will invite you to use encrypted value to be sure that are not visibile if you will choose GET option.
I've set up the same site on two servers sitting behind a load balancer. I have the following in my web.config file
<sessionState mode="SQLServer" cookieless="false" allowCustomSqlDatabase="true"
sqlConnectionString="Data Source=server;Initial Catalog=ASPState;Persist Security
Info=True;User ID=user;Password=password" timeout="2880" sqlCommandTimeout="10" />
It appears to be working, I can see the ASPState tables populating when I log in, however I see that if I refresh several times after logging in it goes back and forth between being logged in and not logged in depending on which server I hit. Am I missing something?
I'm using the default webmatrix authentication built into MVC 4.
This ca be because you have different MachineKeys on your servers or the have the default value. And because of this you authentication cookies are encrypted in two different ways.
Try setting the machineKey in your web.config. Here is tool that helps generating the machineKey http://aspnetresources.com/tools/machineKey
As this post explains you will need to have the same Application ID on both servers.
"When you create applications that you expect to share session state using Sql Server, they need the same ID configured in IIS. This is because the session ID that is generated is generated based on the application ID. (Internally the application ID is something like LM/W3SVC/1
The two servers had different IDs for each application in IIS. The resolution is to change the ID under `Manage Website -> Advanced Settings' on each server."
Cheers
I have deployed a RIA Services enabled Silverlight Business application on Azure that uses Forms authentication.
To enable Forms authentication on Azure, I have implemented the Table Storage providers from the Azure Toolkit. It almost works, but I have problems with keeping the session state. After I have logged in, and repeatedly presses F5 to refresh the page I switch between being logged in and logged out.
I have two Web Role Instances, and if I disable one of the it works like a charm. But as soon as I enable the second instance it's back to this sporadic behaviour. So clearly the state is not preserved because of the load balancing. Fine, I forgot to implement the Session provider, so I did:
<sessionState mode="Custom" customProvider="TableStorageSessionStateProvider">
<providers>
<clear />
<add name="TableStorageSessionStateProvider"
type="Microsoft.Samples.ServiceHosting.AspProviders.TableStorageSessionStateProvider"
applicationName="AppAdmin"
/>
</providers>
</sessionState>
Sadly, that didn't help.
Update: The actual table (Session) is created in the Table Storage, but no data is in there.
Any ideas and/or suggestions?
Have you set your machine key in web.config?
I need your help to sort out one problem with session timeout in my application which are hosted on Azure platform.
I have developed web application in asp.net and make login functionality with session and put following code maintain timeout period for session like
<sessionState mode="InProc" timeout="20"></sessionState>
It working fine on local system but when i will tested it with live URL on Azure platform it will signout frequently (session expired).
Can any one please suggest me how can i resolve this issues?
Thanks
Arun.
Are you running more than one WebRole instance? Remember, "InProc" session-state will not be shared across multiple web-role instances. In fact, InProc session state is "evil" in the cloud world, will not work for any deployments with more than 1 instance running. You really want to use another provider, like Session provider for AppFabric Cache
Are you sure the session is expiring? If you are using ASP.NET forms authentication there is another timeout to consider (here I have set it to 180 mins)
<authentication mode="Forms">
<forms loginUrl="Login/" timeout="180"/>
</authentication>
If you do have multiple instances Igorek is right - the session will not be shared.
Please see how-does-microsoft-azure-handle-session-state/1023125#1023125
or refer to the Azure SDK for more information.
I'm working on a multi-tenant ASP.NET MVC application.
So far we have been using HttpContext to store a few objects for the request (technically partitioned by tenant).
However, we will need to use TempData (uses Session) and set authentication cookies.
Our spec:
A tenant can have multiple urls (tenant1.myapp.com or mycustomdomain.com)
Authentication cookies should NOT be shared by tenants
Ideally, a tenant's authentication cookie should be shared by any one of their urls
Is Session domain aware? It seems to be.
Can I set multiple domains on an authentication cookie?
Advice on anything else that may catch me out would be appreciated. Really I just need to understand what needs to be partitioned for each tenant (up to now I've partitioned the file system, database and cache per tenant).
Thanks
Ben
Is Session domain aware?
By default Session is tracked by cookies and because cookies are restricted to the same domain the session is not only domain aware but also application-aware meaning that if you have two applications on the same domain they won't share session.
Can I set multiple domains on an authentication cookie?
No. Cookies cannot be shared between domains. But contrary to sessions you can share them among multiple applications on the same domain (by setting the domain attribute to the top level domain in the <forms> tag in web.config). This is what allows to achieve single sign on between applications on the same domain. If you wanted to achieve single sign on between applications on different domains you will need different approach.
you may want to look into Session Partitioning.
<configuration>
<system.web>
<sessionState
mode="StateServer"
partitionResolverType=
"IndustryStrengthSessionState.PartitionResolver" />
</system.web>
</configuration>
But I don't believe you can share sessions across domains out of the box. You will likely need to add custom session synchronization, where each domains session is linked by a custom algorithm to the same user/tenant etc.