Login
Latest postings for ASP/ VbScript.
Daily Code Email
|
|
| |
|
Sharing Session Variables across domains
|
|
|
|
|
Submitted on: 6/26/2000 6:20:22 PM
By: Balaji NJL
Level: Intermediate
User Rating: Unrated
Compatibility:ASP (Active Server Pages), VbScript (browser/client side)
Users have accessed this article 12875 times.
| (About the author) |
| | | There is a general belief among developers that session state maintenance is always against one domain / site. And therefore one can not maintain session state across different domains. Usually there is no such requirement to maintain session state across different domains. But of late due to increase in the scope of web based applications developers feel the need to share the session state with other domains. The other domain may be a sister concern of the same company, or may be the B2B partner. So the question arises how one can share the session variables across other domains easily and safely.
| | | |
Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.
|
How to share Session variables across Domains
Introduction
|
|
There is
a general belief among developers that session state maintenance is
always against one domain / site. And therefore one can not maintain
session state across different domains. Usually there is no such
requirement to maintain session state across different domains. But of
late due to increase in the scope of web based applications developers
feel the need to share the session state with other domains. The other
domain may be a sister concern of the same company, or may be the B2B
partner. So the question arises how one can share the session variables
across other domains easily and safely.
|
| |
|
Sharing Session variables using aSMS
|
Configure aSMS
|
|
Sharing
Session variables across domains is very easy using aSMS. aSMS Standard
and Advanced both support sharing session variables. Lets assume two
different domains mydomain1.com and mydomain2.com. And the requirement
is to share the session variables between mydomain1.com and
mydomain2.com. For simplicity sake lets assume one webserver each for
mydomain1.com and mydomain2.com. (It’s also possible so share session
variables between different domains hosted on same webserver). So
www.mydomain1.com points to webserver of domain1 and www.mydomain2.com
points webserver of mydomain2.com.
Install aSMS on both webservers. Both aSMS should share a common LDAP
server to share session variables. Lets assume that common LDAP server
be ldap.mydomain.com. On the webserver of mydomain1.com, open the aSMS
Admin Console.
For the,
LDAP Path enterLDAP://ldap.mydomain.com:1002/o=mydomain/ou=Members
LDAPAdminentercn=Administrator,ou=Members,o=mydomain
Enter the Admin Password. Set your Session Time out duration. If you
want to support cookies then set Support Cookies to True.
Click ‘Test LDAP Source’ button. If it returns ‘Successful’ Then
aSMS has been configured successfully on the webserver of mydomain1.com.
Do the same on the webserver of mydomain2.com. Take care to enter the
same LDAP path(LDAP://ldap.mydomain.com:1002/o= mydomain/ou=Members)for
the webserver of mydomain2.com. This way we ensure that aSMS of
both webservers point to the same LDAP Server. Test LDAP connection by
clicking ‘test LDAP source’ button. If it returns successful then
aSMS has been configured properly on webserver of mydomain2.com also and
they both point to the same LDAP server.
|
| |
Start Session on Webserver of mydomain1.com
|
| |
One can use the functions.asp (link to
function.txt) given in the sample files and include this file in all asp
pages. If functions.asp has been used then Session can be started by
just calling SessionStart function on the default.asp of mydomain1.com
webserver.
If function.asp is not used, then following code can be used to start
the session in default.asp page
< %
Set objSession = Server.CreateObject("Session.Management")
objSession.SessionStart()
Set objSession = nothing
% >
To assign session variables in mydomain1.com
< %
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
objSession.SetSession "givenname", John
objSession.SetSession "sn", Anderson
objSession.SetSession "mail", John@Anderson.com
objSession.SetSession "userPassword", password
objSession.SetSession "accountStatus ", 1
Set objSession = nothing
% >
To retrieve Session variables
< %
Dim strFirstName, strLastName, strEmailAddress
Dim strPassword, intStatus
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
strFirstName = objSession.GetSession ("givenname")
strLastName = objSession.GetSession ("sn")
strEmaiAddress = objSession.GetSession ("mail")
strPassword = objSession.GetSession ("userPassword")
intStatus = objSession.GetSession ("accountStatus ")
Set objSession = nothing
% >
|
| |
Sharing Session Variables 
|
|
To share
the session variables between domains, one need to pass the SessionGUID
value to the other domain. aSMS maintains session by using this
SessionGUID. This can be done by passing the ‘SessionGUID’ cookie
value to other domain by either query string or by hidden form field.
<ahref=http://www.mydomain2.com/default.asp?SessionGUID= <%=
Request.Cookies (“SessionGUID”)% > > MyDomain2.com< /a>
Add few lines just after SessionStart code in default.asp of
mydomain2.com domain.
< %
Set objSession = Server.CreateObject("Session.Management")
If Request.QueryString ("SessionGuid") <> ""
Then
Response.Cookies ("SessionGuid") = Request.QueryString ("SessionGuid")
Else
objSession.SessionStart()
End If
Set objSession = nothing
% >
To retrieve mydomain1.com’s session variables
< %
Dim strFirstName, strLastName, strEmailAddress
Dim strPassword, intStatus
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
strFirstName = objSession.GetSession ("givenname")
strLastName = objSession.GetSession ("sn")
strEmaiAddress = objSession.GetSession ("mail")
strPassword = objSession.GetSession ("userPassword")
intStatus = objSession.GetSession ("accountStatus ")
objSession = nothing
% >
This way we can share session variables between two different domains
using aSMS.
|
| |
Scenarios, where sharing Session Variables Across Domains may be
required
|
|
Sharing
session variables is required in so many types of web scenarios. Some of
them are-
1. Common Login between two different domains - If you don’t want the
users who have logged in mydomain1.com to once again be validated in
mydomain2.com.
2. Sharing Session variables with your B2B partner.
3. Developing your own ‘Microsoft Passport’ like web site.
|
| |
Conclusion
|
| |
|
Here we have seen how by using aSMS one can easily share session
variables across two different domains. This method has been actually
implemented on live web sites. Menswear.com (http://www.menswear.com)
and Womenswear.net (http://www.womenswear.net
) use aSMS to share session state across two of their domains. When
users go from menswear.com to womenswear.com, they need not re-login.
Users need to login only at either menswear.com or at womenwear.com. The
authentication details are shared between two domains.
Download
sample code for this page. |
| | |
|
Other 1 submission(s) by this author
| | | |
Report Bad Submission | | | | | Your Vote! | |
See Voting Log | | | | Other User Comments | 
10/16/2002 3:59:10 PM:
So where do you get ASMS?
(If this comment was disrespectful, please report it.)
|
2/29/2004 8:16:03 PM:
hi,
i can't seem to access the sample codes..the page can't be found. is there an alternative site?
thanks
(If this comment was disrespectful, please report it.)
| | |
Add Your Feedback! | Note:Not only will your feedback be posted, but an email will be sent to the code's author from the email account you registered on the site, so you can correspond directly.
NOTICE: The author of this article has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular article, please click here.
|
To post feedback, first please login.
| |
|
