locked
Issue with session in asp.net core session middle ware. RRS feed

  • Question

  • User2033214657 posted

    Hi,

    we have an issue with the Session Middleware in asp.net core . actually if i am trying to access application from one host it's working fine. then with same host if i am trying to access the another application. the [previously opened ] / first application's session getting cleared . 

    what will be issue with session/ session middleware . please advise.

    using below in application processing pipeline

    UseSession();

    UseCookiePolicy

    and the service is configured using  - 

    CookiePolicyOptions

    AddSession

    Tuesday, May 19, 2020 1:31 PM

All replies

  • User-474980206 posted

    what are the urls of the two applications?

    Tuesday, May 19, 2020 3:16 PM
  • User2033214657 posted

    The URLs let say

    1st -- https://example.com/Application1?sessionkey=12344

    2nd -- https://example.com/Application2?sessionkey=12564

    after accessing the first one and then after if i access 2nd application the session of 1st application is getting cleared automatically. 

    Wednesday, May 20, 2020 10:09 AM
  • User-474980206 posted

    And what is your session configuration? 

    Wednesday, May 20, 2020 2:32 PM
  • User2033214657 posted

    service --

    service.Configure<CookiePolicyOptions>(options =>
    {
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    service.AddDistributedRedisCache(options =>
    {
    options.Configuration = AppSettings.Properties["abcd"].ToString();
    options.InstanceName = "aserd";
    });

    objServiceCollection.AddSession(options =>
    {
    options.Cookie.Name = "xyz";
    options.IdleTimeout = TimeSpan.FromMinutes(90);
    options.Cookie.HttpOnly = false;
    options.Cookie.IsEssential = true;
    });

    application processing pipeline :-

    application.UseSession();
    application.UseCookiePolicy();

    Thursday, May 21, 2020 4:47 AM
  • User-474980206 posted

    use the browser debugger to check the domain of the session cookie. they probably match. so app2 replaces app1 session cookie with its session id.

    Thursday, May 21, 2020 4:40 PM
  • User2033214657 posted

    Hi,

    yes, the domains are same for both the cookies. so, you mean the domain for both the cookies can't be same.  

    Monday, May 25, 2020 7:48 AM
  • User-474980206 posted

    That’s correct. As each site has its own session Id they cannot use the same cookie. Change the domain or cookie names.

    Monday, May 25, 2020 4:12 PM