Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Share session between subdomains?

4 views
Skip to first unread message

Hans Kesting

unread,
May 5, 2006, 6:04:17 AM5/5/06
to
Hi,

Is it possible to share sessions between subdomains?

Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?

The problem (as I see it) is the session-cookie. If that has a domain
of "www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?

Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?


Hans Kesting


Cowboy (Gregory A. Beamer)

unread,
May 5, 2006, 8:29:04 AM5/5/06
to
You can keep parts of the session. To do this, set the machine keys, both
encrypt and decrypt, to the same values on each server (not the same values
as each other, but the keys must be the same on both). You also have to set
the exact same cookie name. This allows the two apps to access the same
session cookie. Session number and user name stay consistent.

This will keep the user in session and you will be able to have single sign
on.

Now the bad news. If you are one that sets up a lot of user information in
session, you will have to recreate that info with every subdomain the user
traverses.

One solution is to create the info every time you notice there is no user
info. THis means multiple apps holding the same info, however. The other is
to persist the information and grab on either a session or page
(cache/viewstate) basis. Either one causes dupe info in memory, unless you
grab the info each page hit (ouch).

You can also put the info in a user cookie, but that just switches the
persistence mechanism to the user's drive and causes you to pull from
cookies. It has some other down sides, like the ability to turn off cookies.

What you do depends largely on your state mechanism. Do you grab info as
needed or use session, etc.? That will determine how much info you end up
repeating.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Hans Kesting" <news.2...@spamgourmet.com> wrote in message
news:mn.2ad47d650...@spamgourmet.com...

0 new messages