Session Sharing the main guarantee two things:
- Reception Asp_SessionId of Cookie scope for top-level domain, and the same value
- Public Session by the same source back-end custom HttpModule can achieve these two requirements
/// <summary>
/// 自定义HttpModule,使调用本HttpModule的系统使用同一个SessionID(只限于同一个根域名),实现Session共享 /// 需要在AppSetting里面配置Domain(根域名),在system.webServer下添加自定义modules add name = "MakeSessionIDOneOnly" type="Tools.MakeSessionIDOneOnly, Tools" /// </summary> public class MakeSessionIDOneOnly : IHttpModule { private string m_RootDomain = string.Empty; #region IHttpModule Members public void Dispose() { } /// <summary> /// Init函数主要让本系统对应的StateServer中的Session的s_uribase(可以理解为作用域)一致,统一设置为根域名,这样相当于多套系统统一使用一个Session库 /// </summary> /// <param name="context"></param> public void Init(HttpApplication context) { //1.获取根域名 m_RootDomain = ConfigurationManager.AppSettings["Domain"]; //2.获取System.Web.SessionState.OutOfProcSessionStateStore类 Type stateServerSessionProvider = typeof(HttpSessionState).Assembly.GetType("System.Web.SessionState.OutOfProcSessionStateStore"); //3.获取该类的静态字段s_uribase FieldInfo uriField = stateServerSessionProvider.GetField("s_uribase", BindingFlags.Static | BindingFlags.NonPublic); if (uriField == null) throw new ArgumentException("UriField was not found"); //object obj= uriField.GetValue(null); //4.设置s_uribase值为根域名 uriField.SetValue(null, m_RootDomain); context.EndRequest += new System.EventHandler(context_EndRequest); } /// <summary> /// 上下文结束时让输出的cookie作用域一致,统一设置为根域名 /// </summary> /// <param name="sender"></param> /// <param name="e"></param> void context_EndRequest(object sender, System.EventArgs e) { HttpApplication app = sender as HttpApplication; for (int i = 0; i < app.Context.Response.Cookies.Count; i++) { if (app.Context.Response.Cookies[i].Name == "ASP.NET_SessionId") { app.Context.Response.Cookies[i].Domain = m_RootDomain; } } } #endregion } Init method can achieve all items using the Session HttpModule use the same source, so that at the time of cookie ASP.NET_SessionId output will be the same value, but Cookie scope can not be modified. Reset ASP.NET_SessionId in context_EndRquest method can be scoped to the root domain. In Module need to call this project need to be added in Web.Config
<system.web>
<compilation debug="true" targetFramework="4.6.1"/> <httpRuntime targetFramework="4.6.1"/> <!--设定session状态服务器的存储位置,共享session的项目都要设置为同一位置--> <sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" timeout="30"></sessionState> <!--设置session的加解密方法,共享session的项目必须设置相同--> <machineKey decryptionKey="FD69B2EB9A11E3063518F1932E314E4AA1577BF0B824F369" validationKey="5F32295C31223A362286DD5777916FCD0FD2A8EF882783FD3E29AB1FCDFE931F8FA45A8E468B7A40269E50A748778CBB8DB2262D44A86BBCEA96DCA46CBC05C3" validation="SHA1" decryption="Auto"/> <!--IIS6或者IIS7经典模式,引用session统一处理模块--> <httpModules> <add name="MakeSessionIDOneOnly" type="Tools.MakeSessionIDOneOnly,Tools"/> </httpModules> </system.web> <system.webServer> <modules> <!--IIS7集成模式,引用session统一处理模块--> <add name="MakeSessionIDOneOnly" type="Tools.MakeSessionIDOneOnly,Tools"/> </modules> </system.webServer> <appSettings> <!--要共享Session的项目必须设置同一根域名--> <add key="DOMAIN" value="localhost"/> </appSettings>