locked
Cross Domain posting if SessionState mode is SqlServer RRS feed

  • Question

  • User-1179105042 posted

    I am posting a form from one domain to application in another domain.I am getting posted data for sessionstate mode="SqlServer" if cookieless is "False" but if cookieless is "True" , i am not getting any data at all.I need to use sessionstate mode="SqlServer" and cookieless "true" for my application.

    Please help me out!!

    Friday, October 12, 2012 8:08 AM

All replies

  • User1779161005 posted

    The user's session is identified with a identifier stored in a cookie. Cookies are not shared cross-domain. I'd suggest re-working your design to not rely upon session and cookies if you need this cross-domain data sharing.

    Friday, October 12, 2012 9:59 AM
  • User-1179105042 posted

    We are not using cookies that's why we have set cookieless='true' in sessionstate.I need to post data from form like this 

    <form id="form1" action="http://www.xyz.com/abc.aspx" method="post"></form>

    Now, on loading abc.aspx url is changed to this url "http://www.xyz.com/(s(qwasgdgtt3ty6hg6m1k))/abc.aspx" with appended sessionID as cookieless is set to true and all my posted data is lost.

    Monday, October 15, 2012 12:41 AM
  • User1779161005 posted

    I don't have much help for you other than suggesting that cookieless sessions are not the best design:

    http://brockallen.com/2012/04/08/cookieless-session-considered-dangerous/

    And Session in general is bad:

    http://brockallen.com/2012/04/07/think-twice-about-using-session-state/

    I know this doesn't help your current situation, but continue with eyes wide open.

    Monday, October 15, 2012 12:48 AM
  • User-1179105042 posted

    We have various issues with our application like data posting across domain, security issues, on live there will be web farming so need to use session. Is it possible to use data caching in web farming. Which will be the best scenario to use?

    Monday, October 15, 2012 1:06 AM