让Session对象在不同域名下实现共享

　2000-10-13 10:09:38　来源：WEB开发网　闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�

闂傚倸鍊风粈渚€骞夐敓鐘插瀭闁汇垹鐏氬畷鏌ユ煙閹殿喖顣奸柛搴＄У閵囧嫰骞掗幋婵冨亾閻㈢ǹ纾婚柟鐐灱濡插牊绻涢崱妤冃℃繛宀婁簽缁辨捇宕掑鎵佹瀸闂佺懓鍤栭幏锟�

濠电姷鏁告慨顓㈠箯閸愵喖宸濇い鎾寸箘閹规洟姊绘笟鈧ḿ褍煤閵堝悿娲Ω閳轰胶鍔﹀銈嗗笂閼冲爼鍩婇弴銏＄厪闁搞儮鏅涙禒褏绱掓潏鈺佷槐闁轰焦鎹囬弫鎾绘晸閿燂拷闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�　　闂傚倸鍊烽懗鑸电仚缂備胶绮〃鍛村煝瀹ュ鍗抽柕蹇曞У閻庮剟姊虹紒妯哄闁诲繑姘ㄩ埀顒佸嚬閸撶喎顫忓ú顏勫瀭妞ゆ洖鎳庨崜浼存⒑闁偛鑻晶顔剧磼婢跺﹦绉虹€殿喖顭锋俊姝岊槷闁稿鎹囧Λ鍐ㄢ槈濞嗗繑娈橀梻浣风串缂嶁偓濞存粠鍓熼崺鈧い鎺戝€归弳顒勬煕鐎ｎ亷韬€规洑鍗冲鍊燁槾闁哄棴绠撻弻銊╂偆閸屾稑顏�

核心提示：There is a general belief among developers that session state maintenance is always against one domain / site. And therefore one can not maintain session state

There is a general belief among developers that session state maintenance is always against one
domain / site. And therefore one can not maintain session state across different domains. Usually there is
no such requirement to maintain session state across different domains. But of late due to increase in the
scope of web based applications developers feel the need to share the session state with other domains.
The other domain may be a sister concern of the same company, or may be the B2B partner. So the question
arises how one can share the session variables across other domains easily and safely.

--------------------------------------------------------------------------------

　
How to share Session variables across Domains

Introduction　
　　　There is a general belief among developers that session state maintenance is always against one
domain / site. And therefore one can not maintain session state across different domains. Usually there is
no such requirement to maintain session state across different domains. But of late due to increase in the
scope of web based applications developers feel the need to share the session state with other domains.
The other domain may be a sister concern of the same company, or may be the B2B partner. So the question
arises how one can share the session variables across other domains easily and safely.

　

Sharing Session variables using aSMS　
　　
　　　Configure aSMS

　　　Sharing Session variables across domains is very easy using aSMS. aSMS Standard and Advanced both
support sharing session variables. Lets assume two different domains mydomain1.com and mydomain2.com. And
the requirement is to share the session variables between mydomain1.com and mydomain2.com. For simplicity
sake lets assume one webserver each for mydomain1.com and mydomain2.com. (It’s also possible so share
session variables between different domains hosted on same webserver). So www.mydomain1.com points to
webserver of domain1 and www.mydomain2.com points webserver of mydomain2.com.

Install aSMS on both webservers. Both aSMS should share a common LDAP server to share session variables.
Lets assume that common LDAP server be ldap.mydomain.com. On the webserver of mydomain1.com, open the aSMS
Admin Console.

For the,

LDAP Path enterLDAP://ldap.mydomain.com:1002/o=mydomain/ou=Members
LDAPAdminentercn=Administrator,ou=Members,o=mydomain

Enter the Admin PassWord. Set your Session Time out duration. If you want to support cookies then set
Support Cookies to True.

Click ‘Test LDAP Source’ button. If it returns ‘Successful’ Then aSMS has been configured successfully
on the webserver of mydomain1.com.

Do the same on the webserver of mydomain2.com. Take care to enter the same LDAP path
(LDAP://ldap.mydomain.com:1002/o= mydomain/ou=Members)for the webserver of mydomain2.com. This way we
ensure that aSMS of both webservers point to the same LDAP Server. Test LDAP connection by clicking ‘test
LDAP source’ button. If it returns successful then aSMS has been configured PRoperly on webserver of
mydomain2.com also and they both point to the same LDAP server.

　
　　
Start Session on Webserver of mydomain1.com

　One can use the functions.asp (link to function.txt) given in the sample files and include this file in
all asp pages. If functions.asp has been used then Session can be started by just calling SessionStart
function on the default.asp of mydomain1.com webserver.

If function.asp is not used, then following code can be used to start the session in default.asp page

< %

Set objSession = Server.CreateObject("Session.Management")

objSession.SessionStart()

Set objSession = nothing

% >

To assign session variables in mydomain1.com

< %

Set objSession = Server.CreateObject("Session.Management")

objSession.CheckSession()

objSession.SetSession "givenname", John

objSession.SetSession "sn", Anderson

objSession.SetSession "mail", John@Anderson.com

objSession.SetSession "userPassword", password

objSession.SetSession "accountStatus ", 1

Set objSession = nothing

% >

To retrieve Session variables

< %

Dim strFirstName, strLastName, strEmailAddress

Dim strPassword, intStatus

Set objSession = Server.CreateObject("Session.Management")

objSession.CheckSession()

strFirstName = objSession.GetSession ("givenname")

strLastName = objSession.GetSession ("sn")

strEmaiAddress = objSession.GetSession ("mail")

strPassword = objSession.GetSession ("userPassword")

intStatus = objSession.GetSession ("accountStatus ")

Set objSession = nothing

% >

　
　　
Sharing Session Variables　

　　　To share the session variables between domains, one need to pass the SessionGUID value to the other
domain. aSMS maintains session by using this SessionGUID. This can be done by passing the ‘SessionGUID’
cookie value to other domain by either query string or by hidden form field.

<ahref=http://www.mydomain2.com/default.asp?SessionGUID= <%= Request.Cookies (“SessionGUID”)% > >
MyDomain2.com< /a>

Add few lines just after SessionStart code in default.asp of mydomain2.com domain.

< %

Set objSession = Server.CreateObject("Session.Management")

If Request.QueryString ("SessionGuid") <> "" Then

Response.Cookies ("SessionGuid") = Request.QueryString ("SessionGuid")

Else

objSession.SessionStart()

End If

Set objSession = nothing

% >

To retrieve mydomain1.com’s session variables

< %

Dim strFirstName, strLastName, strEmailAddress

Dim strPassword, intStatus

Set objSession = Server.CreateObject("Session.Management")

objSession.CheckSession()

strFirstName = objSession.GetSession ("givenname")

strLastName = objSession.GetSession ("sn")

strEmaiAddress = objSession.GetSession ("mail")

strPassword = objSession.GetSession ("userPassword")

intStatus = objSession.GetSession ("accountStatus ")　

objSession = nothing

% >　

This way we can share session variables between two different domains using aSMS.

　
　　
Scenarios, where sharing Session Variables Across Domains may be required

Sharing session variables is required in so many types of web scenarios. Some of them are-

1. Common Login between two different domains - If you don’t want the users who have logged in
mydomain1.com to once again be validated in mydomain2.com.

2. Sharing Session variables with your B2B partner.

3. Developing your own ‘Microsoft Passport’ like web site.

　

Conclusion　　
　
　　　 Here we have seen how by using aSMS one can easily share session variables across two different
domains. This method has been actually implemented on live web sites. Menswear.com
(http://www.menswear.com) and Womenswear.net (http://www.womenswear.net ) use aSMS to share session state
across two of their domains. When users go from menswear.com to womenswear.com, they need not re-login.
Users need to login only at either menswear.com or at womenwear.com. The authentication details are shared
between two domains.

Download sample code for this page.
http://files.driveway.com/download/vapp03-653b18dcaf1f3ccb/28271119/Sharing+Session+Variables+Samples.zip