如何根据SessionID恢复会话？

Question

Context is: I need to send the SessionID (will be encripted) to an app, then the app saves the session ID and on the next query the app sends me back the SessionID so I can use the stored Session variables.

So HttpContext.Current.Session.SessionID gives me the current SessionID.

But... how do I recover the Session based on the SessionID?

PS I am aware that this is a duplicate of this unanswered question: How do I get a session by SessionID in C# so as a plus if there is no way of retrieving the Session from the SessionID I would ask if there is another way to achieve that.

Answer 1

As far as I am aware, there is no public API available to load a session based on session ID (I have asked the question here , as well). You can hack it using reflection , but that will only work if your site is in a full trust environment and you are okay with the performance implications of using reflection.

As was pointed out in the comments, session state is normally driven by a cookie (by default named "ASP.NET_SessionId"). If you pass the cookie from the request of your "app" (which I am assuming you mean a remote application) to the server, you can then access session state simply by calling HttpContext.Current.Session on the server side. You just need to add the cookie to the headers of the request from the application for it to work.

However, I don't think session state is the persistence mechanism you are after for your scenario. Rather than dealing with cookies, it would make more sense to store your state in a persistent format such as a file or a database and use a GUID or other unique identifier to access it based on an ID passed in through the URL.

As Alexi pointed out, another possibility would be to build your own session state provider that you put your own back door into in order to access the raw data, but it will take quite a bit of work to pull that off.