状态服务器会话 - 跨应用程序域？

发布于 2024-08-30 08:54:09 字数 159 浏览 2 评论 0原文

当使用状态服务器进行会话时，会话仍然是特定于 appDomain 的吗？例如，我在一台 Web 服务器上有两个不同的 IIS 应用程序（虚拟目录），它们都指向一个会话状态服务器。来自 cookie 的会话 guid 在来自两个应用程序的请求中将是相同的，那么同一个会话是否可以跨这两个应用程序访问？谢谢。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

过去的过去 2024-09-06 08:54:09

正如 @ntziolis 在他的回答中提到的，以及 @Aristos 在他的评论中提到的，会话基于应用程序名称和会话 cookie 的组合。如果应用程序名称相同并且会话 cookie 值相同，您就可以让它工作（就像我刚才所做的那样）。

为了使应用程序名称相同，我使用了此解决方案来自使用反射的SO：

protected void Application_Start(object sender, EventArgs e)
{
    string applicationName = "MySiteName";

    // Change the Application Name in runtime.
    FieldInfo runtimeInfo = typeof(HttpRuntime).GetField("_theRuntime", BindingFlags.Static | BindingFlags.NonPublic);
    HttpRuntime theRuntime = (HttpRuntime)runtimeInfo.GetValue(null);
    FieldInfo appNameInfo = typeof(HttpRuntime).GetField("_appDomainAppId", BindingFlags.Instance | BindingFlags.NonPublic);

    appNameInfo.SetValue(theRuntime, applicationName);
}

我将其添加到（我的每个站点的）两个 Global.asax 文件中。

要使会话cookie相同，cookie不能因为路径或域而无效。如果您在同一个站点下有两个虚拟目录，则您可以使用 cookie 的路径和路径。域问题。

除非您在 web.config 文件中添加显式代码，否则默认情况下会话 cookie 的名称和计算机密钥也将相同。如果没有，您需要确保您的已显式设置并且在两个应用程序之间相同，并且 中的 cookieName 值相同。 sessionState> 是显式设置的，并且在两个应用程序之间是相同的：

<configuration>
  <system.web>
    <machineKey validationKey="77D2713C3E6C46160F278B7F4787A341A8E9010C3C228F8E9522685050F5204ECA0F2BA2169C4F29C1ADD8C3B99E7143A21272A59373BFBEF21C6677D0FF293C" decryptionKey="286F0EA94D5DA2E697C8C148934EF885A6513AD91C044EDFE7DC45027653B830" validation="SHA1" decryption="AES" />
    <sessionState cookieName="mySessionCookie" mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false" timeout="20" />
  </system.web>
</configuration>

这对我有用 - 我能够为此启动一个概念验证网站。

As @ntziolis mentioned in his answer, and @Aristos mentioned in his comment, the session is based on a combination of the application name and the session cookie. You can get it to work (as I just did) if the application name is the same and the session cookie value is the same.

To get the application name to be the same, I used this solution from SO that uses reflection:

protected void Application_Start(object sender, EventArgs e)
{
    string applicationName = "MySiteName";

    // Change the Application Name in runtime.
    FieldInfo runtimeInfo = typeof(HttpRuntime).GetField("_theRuntime", BindingFlags.Static | BindingFlags.NonPublic);
    HttpRuntime theRuntime = (HttpRuntime)runtimeInfo.GetValue(null);
    FieldInfo appNameInfo = typeof(HttpRuntime).GetField("_appDomainAppId", BindingFlags.Instance | BindingFlags.NonPublic);

    appNameInfo.SetValue(theRuntime, applicationName);
}

I added that to both Global.asax files (of each of my sites).

To get the session cookie to be the same, the cookie cannot be invalid due to the path or the domain. If you have two virtual directories under the same site, you are fine on the cookie's path & domain issue.

Unless you added explicit code to your web.config file, the session cookie's name and machine key would also be the same by default. If not, you would need to make sure your <machineKey> is explicitly set and the same between the two applications, and the value for cookieName in <sessionState> is explicitly set and the same between the two applications:

<configuration>
  <system.web>
    <machineKey validationKey="77D2713C3E6C46160F278B7F4787A341A8E9010C3C228F8E9522685050F5204ECA0F2BA2169C4F29C1ADD8C3B99E7143A21272A59373BFBEF21C6677D0FF293C" decryptionKey="286F0EA94D5DA2E697C8C148934EF885A6513AD91C044EDFE7DC45027653B830" validation="SHA1" decryption="AES" />
    <sessionState cookieName="mySessionCookie" mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="false" timeout="20" />
  </system.web>
</configuration>

That worked for me - I was able to spin up a proof-of-concept web site for this.

回复收藏 0 原文