c# - Trying to separate sessions for MVC apps -
we working on c# mvc project has 2 mvc uis, frontend , admin section. we're using iis express debugging locally. when debugging both apps, can see values both apps shared in session.
i modified our myapp.vs\config\applicationhost.config , added app pool section each app, , set them use it, this:
<sites> <site name="website1" id="1" serverautostart="true"> <application path="/"> <virtualdirectory path="/" physicalpath="%iis_sites_home%\website1" /> </application> <bindings> <binding protocol="http" bindinginformation=":8080:localhost" /> </bindings> </site> <site name="myapp.frontend" id="2"> <application path="/" applicationpool="myappfrontendapppool"> <virtualdirectory path="/" physicalpath="c:\users\myname\source\repos\myapp\myapp.frontend" /> </application> <bindings> <binding protocol="http" bindinginformation="*:51415:localhost" /> </bindings> </site> <site name="myapp.admin" id="5"> <application path="/" applicationpool="myappadminapppool"> <virtualdirectory path="/" physicalpath="c:\users\myname\source\repos\myapp\myapp.admin" /> </application> <bindings> <binding protocol="http" bindinginformation="*:58534:localhost" /> </bindings> </site> <sitedefaults> <logfile logformat="w3c" directory="%iis_user_home%\logs" /> <tracefailedrequestslogging directory="%iis_user_home%\tracelogfiles" enabled="true" maxlogfilesizekb="1024" /> </sitedefaults> <applicationdefaults applicationpool="clr4integratedapppool" /> <virtualdirectorydefaults allowsubdirconfig="true" /> </sites>
however, still see variables both apps in session.
how can ensure each app works in it's own, separate, session?
sessions in asp.net have client-side component (cookie), , ability app read cookie (and restore session) depends on 3 factors:
the ability receive cookie in first place. cookies domain-bound, if both sites running on localhost, example, each receive each other's cookies. however, not issue if deployed foo.com , bar.com.
the ability decrypt cookie. controlled machine key being used app. default, asp.net generate single machine key system , use everything, allows apps on machine read each other's cookies. disable this, should give each application own explicit , distinct machine key.
finally, cookie name. cookie used persisting session state customizable per application, defaults standard name of
asp.net_sessionid
. obviously, if both sites using same cookie name sessions, share that. therefore, direct way separate sessions applications assign each unique session cookie name.<system.web> <sessionstate cookiename="foo" /> </system.web>
Comments
Post a Comment