Share session between subdomains?

H

Hans Kesting

Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain
of "www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?


Hans Kesting
 
C

Cowboy \(Gregory A. Beamer\)

You can keep parts of the session. To do this, set the machine keys, both
encrypt and decrypt, to the same values on each server (not the same values
as each other, but the keys must be the same on both). You also have to set
the exact same cookie name. This allows the two apps to access the same
session cookie. Session number and user name stay consistent.

This will keep the user in session and you will be able to have single sign
on.

Now the bad news. If you are one that sets up a lot of user information in
session, you will have to recreate that info with every subdomain the user
traverses.

One solution is to create the info every time you notice there is no user
info. THis means multiple apps holding the same info, however. The other is
to persist the information and grab on either a session or page
(cache/viewstate) basis. Either one causes dupe info in memory, unless you
grab the info each page hit (ouch).

You can also put the info in a user cookie, but that just switches the
persistence mechanism to the user's drive and causes you to pull from
cookies. It has some other down sides, like the ability to turn off cookies.

What you do depends largely on your state mechanism. Do you grab info as
needed or use session, etc.? That will determine how much info you end up
repeating.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Session values across subdomains 1
Question about working with subdomains 0
share same session across sub domains. 1
Fading effect between play and play-over and pause and pause-over 0
Forms authentication across sub domains. 4
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Best practice to share session between .net 1.1 and .net 3.0/3.5 2
Sharing Session Info across subdomains 0

Members online

No members online now.
Total: 46 (members: 0, guests: 46)
Robots: 412

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,810
Latest member
Kassie0918

Latest Threads

Top