We currently have 2 separate ASP.Net websites hosted on one of our server. These sites uses StateServer to maintain same session across both sites. We are looking to move these sites to Azure. I was able to upload both sites on Azure without any trouble but I was not able to share the session between both sites. I tried using Azure Cache Service (Preview) to maintain session but for some reason it doesn't work, it always uses different session when I redirect to the second site. I already spent quite a bit of time googling around with no avail.
To get to the bottom of the issue, I now have created 2 test sites and have uploaded it on the Azure. I changed the config to use the Cache Service (Preview) as SessionState but it still doesn't work.
The link to get to the test site is: http://sessiontestsite1.azurewebsites.net/
On the home page, please enter a value in the textbox and click "Update session variable", this will store the text into a session variable. Then, on the top right corner of the page there is a link called "Site2" which will redirect to the second site. I am hoping that second site will be able to access the session variable set in the "Site1" and vice versa. Please note on my local machine I was able to use the same session using StateServer.
I followed this link to configure cache service.
I read somewhere, people were saying that Cache Service cannot be used with Azure Websites but I think those are old posts, as per Scott Gutherie's blog (sorry, StackOverflow doesn't allow me to post more than 2 links) Cache Service can be used with Azure Websites.
Also our requirement is to use these sites as Azure Websites, we do NOT want to use WebRoles or VMs or CloudServices etc.
This is not how session works.
When you put a value in the Session the server assign the client an ID and sends it to the client in a cookie. In ASP.NET it's ASP.NET_SessionId. The client (Browsers) will only send the cookie to the remote address associated with it. If you use Fiddler or browser dev tools you will see the browser sending back the ASP.NET_SessionId cookie to sessionstatesite1 and not to sessionstatesite2 because it has a different hostname.
You can either add the cookie manually (using browser dev tools for example) and test it again.
If you want to use the cache for user session and have the user access the site using 1 URL that get's routed to different Azure Website Instances, that cache will work fine for you. Again you can verify that using multiple ways. Adding the cookie manually above should show you that it's working. If you wanna do it in an end-to-end flow do this:
Create an Azure Website
Scale the site to run on multiple instances
Configure your site to display the Process Id or Instance Id Environment Variable
Configure your site to use caching as you already did before
Store something in session state
log in to kudu (https://<yoursitename>.scm.azurewebsites.net)
Go to process explorer view (https://<yoursitename>.scm.azurewebsites.net/ProcessExplorer) and right click on the w3wp.exe and kill it (you can also verify the PID there)
send a request again from the browser, it will go to a different instance and you can tell by the Process Id, but the session value will still be saved.
Because session sharing in our current setup doesn't work we have decided to use two sites as virtual applications.
We have now created a new website and that website has two sub folders (set as virtual applications). Both sites now sits in theses sub folders. That way session state using cache service works.
Related
Is it possible to share Session state between web applications on separate servers? One of the web sites is using session state to maintain user credentials/info session state, the other is using forms authentication to maintain this information. Without modifications to the website using session storage, is it possible for the website using forms auth to read/access the session state on the other server? If not, which I assume is the answer, would it be possible if they ran on the same server? (i.e. the same app pool)?
Note: Both applications are under the same domain name (one of them will be a sub-domain)
As a note, the reason this is being asked is because a client is requesting a "single sign-on" approach between two websites. We're using forms authentication and the other site (which we cannot modify at this moment) is maintaining credentials/logon information in session
ASP.NET 4
IIS 7.5
Assuming the latter, you could try something like this:
first, make sure all the appliations are running in the same domain. If not, all bets are off. I don't know if there's a simple way to configure the domain property of the session cookie yet, so you may have to do it yourself, by setting the cookie domain property to the domain:
Response.Cookies["ASP.NET_SessionId"].Domain = ".mydomain.com";
you'll need to make sure that each application is configured to use either a common state server, or a db-backed session.
please follow the link : How to share session state across subdomains
Basically my question is i have a website which was developed around 3 years ago, while development it was proposed that this site will be used by few people on internet.
But now it seems like many users are accessing the website. So we have planned to create a Web sever Farm where we have multiple servers for our website.
major problem in development is old website used InProc Session state and now since we are upgrading to multiple servers we want to change InProc to Outproc i.e StateServer Session State.
Can you guide me on this upgrade and how can it be achieved in simple and easy way rather than changing the coding on each pages wherever sessions are used.
What you going to have here is that you move your site to many web servers and the actual issue here is "how to keep the same state for each user regarding the server".
There are two options.
First option is to setup the router that split the users to the server, to use the "Sticky option", meaning that each user is stick for his session to one server, and one only. In this case it did not matter if you use inproc or sql server session, as long as the router make good job. This is the case of course that you do not use any other database for common data.
Second option is to use an sql server and move the session to the server, but here the server must be on one server and the others server's gets his session data from this one. Also you setup on web.config the same key machine for all web servers.
So for this case you need.
To setup a common/shared SQL server on one server
To install on this the session database (actually run a script from asp.net)
Setup the web.config to use this database as session
Setup the web.config to have the same machine key.
In the case that you use a database for other data, then you place this database together with the session database, and you make a share connect to that database also. The point here is that the data must be live on one computer, and the other computers connect to this main one for the data.
I have a sharepoint webpart where I have links to go to different web sites to which login is required. Therefore, I think i need to log the users on before redirect them into deep pages in that site, therefore I think i need to set up a cookie to that web site when the web part is loaded (by using the user credentials of the user's active directory information).
How can I achieve this requirement with out opening up a new browser window? (Though I have used a client side script, it pops up a new browser window)
Any help is highly appreciable...
Thanks
If you are referring to "different web sites" as sites having completely different URL's, then it's probably not possible without SSO system.
The reason is that it's impossible to read/write cookies from other domain in web environment, i.e. pre-login the users like you are saying.
If all the sites are inside same domain, like mycompany.com for example, and different sites are in abc.mycompany.com or mycompany.com/subsite, then yes, you can set the cookie. See top section here http://www.15seconds.com/issue/971108.htm
A simple way to implement SSO is by implementing method described later on in same article.
in the "Requesting Cookie from Another Domain". This is not a very secure method though, but can be done if you restrict it properly to specific slave domains. And obviously all the slave sites have to be modified, as with any SSO implementation.
I'm using IIS 7.0 on WS2008.
I've implemented a simple login page that redirects to another simple page showing the Request.ServerVariables key/values.
I'm using the built-in SQL membership provider.
The website is on a DEV machine and there are no users on it.
When I login at the same time with 2 different users from 2 different locations (2 different public addresses) then one of the Request.ServerVariables page is the same as the other.
That includes the client IP address which is then completely wrong.
The authentication as well as the other cookies are wrong as well.
I checked the IIS log and it shows the correct client address as well as the correct login name.
If I then reload the wrong page I get the correct data.
Is there some concurrency issue in ASP.NET? I disabled the session and caching but I still get the same behaviour.
Cheers.
We had exactly the same issue when we accidentally cached too heavily on the IIS. The website simply returned whatever it had returned before.
Take a look at the site settings and see if you have any settings in the "Output Caching" of your website.
I have two .NET websites, which is setup to share sessions in-between via SQL db.
The website stores and retrieves session as using session("MY_Session").add and Session("MY_Session"). What gets stored is basically a custom class with their username and name.
The parent website is setup in IIS using DefaultAppPool and then the secondary site is setup as virtual directory application in the same pool.
I am not quite sure how it is set up on SQL for the sessions as I did not put it in.
In the web.config for both applications, it is set as follows:
sessionState mode="SQLServer"
sqlConnectionString="server=xxxxx;uid=uuuu;pwd=pppppp;Application Name=NNNNNN"/
Users are claiming that they sometimes open up their browser and go to the site and find that other people's information (from within the same organisation) is appearing...
Anyone able to tell me what I am doing wrong and what to do next please?
This could be a caching issue, if there is a proxy server involved -- make sure any personalised content is correctly flagged so that it is not shared between clients.
A header like this should improve matters:
Cache-Control: private