best way to share “session state” type data between two .net applications

Question

we have a web application that, started out small, any new features that were added on, were just made as part of the same project, however now we would like to create new projects for these said addons...

we created a new project, it inharits the global.asax of the main project, and also accesses the web.config of the main project just fine, however, in the global asax code there's session checking for data integrity, to see if the user is logged in.. this is where we are getting issues.. the user is logged in, but the site errors out stating that they arnt logged in, because the addon project cannot access the session user id that is set by the main project.

currently we are not using a session state server, or sql state server, and we would like to avoid it to avoid any headaches for some of the older code.

also we dont want to go the route of mutexes.. want to stay away from windows coding if we can as well...

site outline of what happens with the session: user logs in with asp code ( .net 1.1 code) user is authenticated and successfully logged in, sends a guid for that user to a database, the main project( .net 2.0 code) grabs that guid, grabs the users data and stores the user id in the session. any page that requires knowing who the user is, gets it from the session("userid")

so: we create another project that inheirits the global.asax, can access the web.config - DONE!

what we want to do on top of this: have this new project contain a page (addon feature from the main project) have this page access the session("userid") that is set from the main project. - NOT SURE HOW TO DO THIS...

Answer 1

I would prefix my suggestion by saying that the best way to keep complexity to a minimum would be to use a state server . This is a problem they are designed to solve.

That having been said...

Since the two applications have to run in different processes (as they are in different runtime versions), they cannot directly share the data.

One option could be to use Web Services or Remoting . You could have a CustomSession object which stores all a session's data, and identify each one by a Guid . You could track all your existing sessions created in Application A by Guid-CustomSession, and pass the Guid via querystring to Application B. Application B can query Application A with the Guid, either via Web Service or Remoting, and get the corresponding CustomSession object back. You could do the same in reverse as well.

The only issue here is you have to make sure the Guid is always provided in the URL when moving from a page in App A to a page in App B or vice-versa. The application can always check if session does not exist, to fall back to using the Guid to see if the other app has a session.

Do beware that some .NET data structures (not many) are serialized differently between .NET 1.1 and 2.0, so when sharing the objects over remoting or web services, you may need to account for that.

Answer 2

I know you said that you want to stay way from Session State Server....

But I still think it is the best option. Especially if you plan on sharing more data than just the login ID, for future scalability, and maintainability. Also sharing login data is more secure through a session state server than holding it on client side through query strings and such.

But again, whatever it is you end up doing to share session data, just like the other poster "Rex M" pointed out, you need to be careful about what sort of session data you share and that it needs to be serialize-able.

Answer 3

Using Web Services or Remoting is similar to Session State Server, except that you have to implement it yourself -- probably not worth the effort.

If you're going to do this yourself, there is one other issue not previously mentioned: session timeout. You will need to ensure that both two processes have the same idea of when the session was last used. If you don't do it right (and I've run into this), you'll risk getting into a state where it looks like you're logged into one part of the application and but not the other.

Answer 4

You can use cookies to store your UserID. Both your 1.1 & 2.0 applications can access it without any issues.

Answer 5

Rex M: we are trying to share session data between the same versions of .net.. both are running .net 3.5, (running on the .net 2.0 framework) we already have code to xfer the login data to the 2.0 framework.

we have the main project working, however we want to add onto it with modules, we thought simply put, if you add another .net web application, dont use namespaces, and set up the session state server, set up your refrences, and then compile, everything would be gravy..

both applications ( the ones were trying to share session data with) are running 2.0 framework, both in the same application pool, both with the same machine key, and state server information, both running on the same machine, just out of different folders, ( sharing the same parent folder however)

is there anything we can do to get this working?

(without using an sql state server).

Answer 6

You could use one or more encrypted query string variables to pass when navigating between the two web applications so that you can query for and re-establish your important session variables in the two web apps. This is the easiest way.