Sharing ASP.NET SessionState between 2 apps with a StateServer shares the same SessionID but not key values, why?
I'm guetting out of ideas. I'm trying to use the same SessionState between two .Net 4 apps running under the same application pool and using mode="StateServer". I did a test on both app and I have a curious result: SessionID is shared, but not the actual session items.
How does it work internally? Is this a security restriction documented somewhere?
Screenshot 1 - I'm setting a session item (a simple date in TestData) in app#1 /SecureSessionTest.aspx:
Screenshot 2 - I'm reading the same session item TestData in app#2 /Apps/SecureSessionTest.aspx, but only the SessionID appears:
I can even set different data in the same Session("key"). Weird!
They both have this in their web.config:
<machineKey validationKey='7D1094A0FC13B6656141916F69F6E25D0F112A6E94BD3EF5DAEFD9755A367C09607E7D76827AC5ACAD14456665C4E0966F632F09522475758A815A4045BF3F25' decryptionKey='F0DF9FA0522E541FF246ADD8BC285A10E984444AE4361631' validation='SHA1'/>
<sessionState mode="StateServer" stateConnectionString="tcpip=localhost:42424" timeout="60" regenerateExpiredSessionId="false" cookieName="XXXXXXXX_ASP.NET_SessionId" />
Any ideas? Help is very appreciated!
Carl
The StateServer keys the session off of a combination of the SessionID cookie, the machine key, AND the application name.
Try having the two applications share the same application pool.
This previous question may be illuminating: Session State and Application Pool
(If my initial suggestion doesn't work please comment and I'll dig deeper)
- How do you allow two DLL's with same namespace.class to exist in the same application?
- Duplicate characters when typing in VS 2022 .cs page
- .NET Aspire on existing docker project
- Azure Table Storage - No connection could be made because the target machine actively refused it 127.0.0.1:10002
- Trouble Adding Security Scheme for Identity in NSwag OpenAPIDocument with ASP.NET Core 8
- How is RegisterStartupScript called when Page.ClientScript.IsStartupScriptRegistered?
- Populate checklist in another webform
- .NET 4.5 changing how Response.IsRequestBeingRedirected behaves on Ajax calls - why?
- Javascript not working in Partial View
- File upload .NET Core 'IFormFile' does not contain a definition for 'SaveAsASync' and no extension method
- Gridview.SelectedRow returns null
- The constraint reference 'string' could not be resolved to a type. (netcoreapp3.0)
- JavaScript Timer Event to read a session variable in ASP.NET
- How to utilize WebDev.WebServer.exe (VS Web Server) in x64?
- Function set td text in <%if statement%> always be called
- How do I find out what is causing Edge Developer Tools to be BLANK on the company ASP.NET WebForms website?
- Token handler unable to convert the token to jwt token
- ASP.net making an AJAX call with Jquery
- Why is await async freezing the UI on my aspx page?
- ASP.NET Web Api: The requested resource does not support http method 'GET'
- OnItemCommand not firing from nested DataList
- C# UnitTests Mock File ReadAllBytes throws System.IO.FileNotFoundException
- How can I programmatically recycle a .net web app's own apppool?
- How do I get the the value of an ASP.NET hiddenfield in a typescript file
- Connect textbox in gridview and dropdownlist with a single datatable so that values can change in both at once without requiring a postback in ASP.NET
- HTTP Error 503. The service is unavailable. App pool stops on accessing website
- Paging through an IEnumerable
- Could not find a part of the path ... bin\roslyn\csc.exe
- .net max class size
- How do I mitigate the HTTP Parameter Pollution vulnerability for the Captcha.aspx in the ASP.NET Web Forms application