c# - Trying to separate sessions for MVC apps


We are working on a C# MVC project that has 2 MVC UIs: a frontend and an admin section. We're using IIS Express for debugging locally. When debugging both apps, we can see that values from both apps are shared in the session.

I modified our myapp.vs\config\applicationhost.config, added an app pool section for each app, and set them to use it, like this:

    <sites>
        <site name="website1" id="1" serverAutoStart="true">
            <application path="/">
                <virtualDirectory path="/" physicalPath="%iis_sites_home%\website1" />
            </application>
            <bindings>
                <binding protocol="http" bindingInformation=":8080:localhost" />
            </bindings>
        </site>
        <site name="myapp.frontend" id="2">
            <application path="/" applicationPool="myappfrontendapppool">
                <virtualDirectory path="/" physicalPath="c:\users\myname\source\repos\myapp\myapp.frontend" />
            </application>
            <bindings>
                <binding protocol="http" bindingInformation="*:51415:localhost" />
            </bindings>
        </site>
        <site name="myapp.admin" id="5">
            <application path="/" applicationPool="myappadminapppool">
                <virtualDirectory path="/" physicalPath="c:\users\myname\source\repos\myapp\myapp.admin" />
            </application>
            <bindings>
                <binding protocol="http" bindingInformation="*:58534:localhost" />
            </bindings>
        </site>
        <siteDefaults>
            <logFile logFormat="W3C" directory="%iis_user_home%\logs" />
            <traceFailedRequestsLogging directory="%iis_user_home%\tracelogfiles" enabled="true" maxLogFileSizeKB="1024" />
        </siteDefaults>
        <applicationDefaults applicationPool="clr4integratedapppool" />
        <virtualDirectoryDefaults allowSubDirConfig="true" />
    </sites>

However, we still see variables from both apps in the session.

How can we ensure each app works in its own, separate session?

Sessions in ASP.NET have a client-side component (a cookie), and the ability of an app to read that cookie (and restore the session) depends on 3 factors:

  1. The ability to receive the cookie in the first place. Cookies are domain-bound, so if both sites are running on localhost, for example, each will receive the other's cookies. However, this is not an issue if they are deployed to foo.com and bar.com.

  2. The ability to decrypt the cookie. This is controlled by the machine key being used by the app. By default, ASP.NET will generate a single machine key for the system and use it for everything, which allows apps on the same machine to read each other's cookies. To disable this, you should give each application its own explicit and distinct machine key.

  3. Finally, the cookie name. The cookie used for persisting session state is customizable per application, but defaults to a standard name of ASP.NET_SessionId. Obviously, if both sites are using the same cookie name for sessions, they will share that. Therefore, the direct way to separate sessions between applications is to assign each a unique session cookie name.

    <system.web>
        <sessionState cookieName="foo" />
    </system.web>
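Points 1 and 3 of the answer above, modeled as an added example that is not part of the original post: a simplified browser cookie store in which a cookie is keyed by name, domain and path, with no port, so separate app pools do not change which cookies each site receives. The ports come from the question's bindings; the cookie names `MyApp.Frontend.Sid` and `MyApp.Admin.Sid` and the session id values are constructed for illustration.

```javascript
// Simplified model of a browser cookie store (RFC 6265): a cookie is keyed by
// name + domain + path. The port is not part of the key.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Store a host-only cookie with path "/" set by a response from `url`.
  setCookie(url, name, value) {
    const { hostname } = new URL(url);
    this.store.set(`${hostname}|/|${name}`, { hostname, name, value });
  }

  // Cookies the browser would attach to a request for `url`.
  cookiesFor(url) {
    const { hostname } = new URL(url);
    const out = {};
    for (const c of this.store.values()) {
      if (c.hostname === hostname) out[c.name] = c.value;
    }
    return out;
  }
}

// Ports taken from the bindings in the question's applicationhost.config.
const FRONTEND = "http://localhost:51415/";
const ADMIN = "http://localhost:58534/";

// Each app issues its session cookie once; return what each app then receives.
function simulate(frontendCookieName, adminCookieName) {
  const jar = new CookieJar();
  jar.setCookie(FRONTEND, frontendCookieName, "frontend-session-id"); // constructed value
  jar.setCookie(ADMIN, adminCookieName, "admin-session-id");          // constructed value
  return {
    sentToFrontend: jar.cookiesFor(FRONTEND),
    sentToAdmin: jar.cookiesFor(ADMIN),
  };
}

// Default name in both apps: the admin response overwrites the frontend cookie,
// so both apps end up receiving the same session id.
const shared = simulate("ASP.NET_SessionId", "ASP.NET_SessionId");
// Distinct (hypothetical) names: both cookies coexist and each app reads its own.
const separate = simulate("MyApp.Frontend.Sid", "MyApp.Admin.Sid");

console.log("same name:", shared.sentToFrontend);
console.log("distinct names:", separate.sentToFrontend);
```

With distinct names the frontend still receives the admin cookie, because both sites are on localhost, but it only looks up the name set in its own `sessionState cookieName`.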
