Maintaining Session Between Two Applications

Session data is very important for all applications. Session enable the application to recognize the user by using credentials. Sometimes we need to transfer the Session from one application to another. If you are working with In-Proc session mode than you cannot share the session in different applications. However there is a small way you can use to transfer the session from one application to another in the In-Proc session mode.

Introduction:

Session data is very important for all applications. Session enable the application to recognize the user by using credentials. Sometimes we need to transfer the Session from one application to another. If you are working with In-Proc session mode than you cannot share the session in different applications. However there is a small way you can use to transfer the session from one application to another in the In-Proc session mode. 

Database Table:

The first thing you need to do is to create a Database Table which will store the username and a unique id of the user.

CREATE TABLE [dbo].[Person] (
[PersonID] [int] IDENTITY (1, 1) NOT NULL ,
[Username] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[GUID] [nvarchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO

Just run the script above to create the table. Now we need to create the parent application which will transfer the session to the child application.

Parent Application:

The parent application consists of a TextBox and a Button control. You write the username in the TextBox and press the Button to transfer the user session to the different application.

Let's see the Button click code:

protected void Button1_Click(object sender, EventArgs e)

{

// Writes the session in the database

SaveSessionInDatabase(txtUserName.Text);

// Put in the database

Response.Redirect("http://localhost:2979/ChildApplication/Default.aspx?guid="+GUID);

}

VB.NET Code:

Protected Sub Button1_Click(ByVal sender As ObjectByVal As EventArgs)
        ' Writes the session in the database
        SaveSessionInDatabase(txtUserName.Text)
        ' Put in the database
        Response.Redirect(("http://localhost:2979/ChildApplication/Default.aspx?guid=" + GUID))
    End Sub

Now let's see the SaveSessionInDatabase() method.

// This method saves the username in the database

private void SaveSessionInDatabase(string userName)

{

string query = "INSERT INTO Person(UserName,GUID) VALUES(@UserName,@Guid)";

SqlConnection myConnection = new SqlConnection(ConnectionString);

SqlCommand myCommand = new SqlCommand(query, myConnection);

myCommand.Parameters.AddWithValue("@UserName", userName);

myCommand.Parameters.AddWithValue("@Guid", GUID);

myConnection.Open();

myCommand.ExecuteNonQuery();

myConnection.Close();

}

VB.NET Code:

Private Sub SaveSessionInDatabase(ByVal userName As String)
        Dim query As String = "INSERT INTO Person(UserName,GUID) VALUES(@UserName,@Guid)"
        Dim myConnection As SqlConnection = New SqlConnection(ConnectionString)
        Dim myCommand As SqlCommand = New SqlCommand(query, myConnection)
        myCommand.Parameters.AddWithValue("@UserName", userName)
        myCommand.Parameters.AddWithValue("@Guid", GUID)
        myConnection.Open
        myCommand.ExecuteNonQuery
        myConnection.Close
    End Sub

Here are the GUID and ConnectionString properties:

private string ConnectionString

{

get { return ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; }

}

private string GUID

{

get

{

Guid guid = System.Guid.NewGuid();

string gID = string.Empty;

if (ViewState["GUID"] != null)

{

gID = ViewState["GUID"] as String;

}

else

{

ViewState["GUID"] = guid.ToString();

gID = ViewState["GUID"] as String;

}

return gID;

}

}

 

Private ReadOnly Property ConnectionString As String
        Get
            Return ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString
        End Get
    End Property
    
    Private ReadOnly Property GUID As String
        Get
            Dim guid As Guid System.Guid.NewGuid
            Dim gID As String = string.Empty
            If (Not (ViewState("GUID")) Is Nothing) Then
                gID = CType(ViewState("GUID"),String)
            Else
                ViewState("GUID"guid.ToString
                gID = CType(ViewState("GUID"),String)
            End If
            Return gID
        End Get
    End Property


As you have already noticed that we are sending the GUID to the child page. The reason for sending GUID is because GUID is much safer than sending other values. The reason being that you cannot predict the new value of the GUID.

Now let's see the child page which receives this GUID and retrieves the username from the database.

Child Application:

The child application will receive the GUID and will search the database for the username associated with GUID.

protected void Page_Load(object sender, EventArgs e)

{

if (!Page.IsPostBack)

{

if (Request.QueryString["guid"] != null)

{

string quid = Request.QueryString["guid"] as String;

lblMsg.Text = GetSessionVariable(quid);

}

}

}

private string GetSessionVariable(string guid)

{

string query = "SELECT UserName FROM Person WHERE GUID = @GUID";

SqlConnection myConnection = new SqlConnection(ConnectionString);

SqlCommand myCommand = new SqlCommand(query, myConnection);

myCommand.Parameters.AddWithValue("@GUID", guid);

myConnection.Open();

string userName = (string) myCommand.ExecuteScalar();

myConnection.Close();

return userName;

}

private string ConnectionString

{

get { return ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; }

}

 

Private ReadOnly Property ConnectionString As String
        Get
            Return ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString
        End Get
    End Property
    
    Protected Sub Page_Load(ByVal sender As ObjectByVal As EventArgs)
        If Not Page.IsPostBack Then
            If (Not (Request.QueryString("guid")) Is Nothing) Then
                Dim quid As String = CType(Request.QueryString("guid"),String)
                lblMsg.Text GetSessionVariable(quid)
            End If
        End If
    End Sub
    
    Private Function GetSessionVariable(ByVal guid As StringAs String
        Dim query As String = "SELECT UserName FROM Person WHERE GUID = @GUID"
        Dim myConnection As SqlConnection = New SqlConnection(ConnectionString)
        Dim myCommand As SqlCommand = New SqlCommand(query, myConnection)
        myCommand.Parameters.AddWithValue("@GUID", guid)
        myConnection.Open
        Dim userName As String = CType(myCommand.ExecuteScalar,String)
        myConnection.Close
        Return userName
    End Function

The idea discussed here is one of the ways you can make a session consistent using In-Proc mode. When working on a webfarm you should always use Session Mode = SQLSERVER.

I hope you liked the article, happy coding!

Although I have recieved many emails about this idea indicating that this does not mean that we are sharing the session. But it really depends on the scenario and in my application we adopted this approach.
Once again if you have to share the session use mode = SQLSERVER.