Is it possible to share sessions between subdomains?
Say: the user logs in at www.company.com, and is redirected to
my.company.com. This is a different url for the same application. Can I
keep the session (so I still know WHO has logged in)?
The problem (as I see it) is the session-cookie. If that has a domain
of "www.company.com", it will not be transferred to "my.company.com".
But: a cookie with a domain of just "company.com" will be sent to both
subdomains. Is it possible to set the domain of the session-cookie?
Any other suggestions, apart from storing the identity in
application-state under some id and using that id in the redirect to
retrieve it in the new session?
Hans Kesting
This will keep the user in session and you will be able to have single sign
on.
Now the bad news. If you are one that sets up a lot of user information in
session, you will have to recreate that info with every subdomain the user
traverses.
One solution is to create the info every time you notice there is no user
info. THis means multiple apps holding the same info, however. The other is
to persist the information and grab on either a session or page
(cache/viewstate) basis. Either one causes dupe info in memory, unless you
grab the info each page hit (ouch).
You can also put the info in a user cookie, but that just switches the
persistence mechanism to the user's drive and causes you to pull from
cookies. It has some other down sides, like the ability to turn off cookies.
What you do depends largely on your state mechanism. Do you grab info as
needed or use session, etc.? That will determine how much info you end up
repeating.
--
Gregory A. Beamer
*************************************************
Think Outside the Box!
*************************************************
"Hans Kesting" <news.2...@spamgourmet.com> wrote in message
news:mn.2ad47d650...@spamgourmet.com...