惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
Apple Machine Learning Research
Apple Machine Learning Research
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V2EX - 技术
V2EX - 技术
Security Archives - TechRepublic
Security Archives - TechRepublic
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
博客园 - 司徒正美
T
The Blog of Author Tim Ferriss
J
Java Code Geeks
宝玉的分享
宝玉的分享
小众软件
小众软件
博客园_首页
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Spread Privacy
Spread Privacy
I
InfoQ
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
M
MIT News - Artificial intelligence
爱范儿
爱范儿
The Cloudflare Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Tenable Blog
S
Securelist
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
O
OpenAI News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes
PCI Perspectives
PCI Perspectives
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Threat Research - Cisco Blogs
L
LINUX DO - 热门话题
I
Intezer
Scott Helme
Scott Helme
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cybersecurity and Infrastructure Security Agency CISA
Google Online Security Blog
Google Online Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security Affairs
AI
AI
AWS News Blog
AWS News Blog
Security Latest
Security Latest

博客园 - 南疯

C#中获得月份中的第一天和最后一天和判断闰年 VS2008的网页报表可以直接打印了 Impossible 与 I’m possible 别吵了,.NET和JAVA两大帮派合并了! 让"指定的 MSProjectServerRole 帐户不属于 MSProjectServerRole 角色"去死吧 我所理解的工作流工作模式 BusinessObjects系统用户信息同步的解决类 关于BusinessObjects系统单点登录(SSO)解决办法(二) 关于BusinessObjects系统单点登录(SSO)解决办法(一) 教您怎样在C#中锁定Word内容,还教您怎样把人家的锁定内容破解了 一个封装比较完整的FTP类——clsFTP 还是VS2005全角问题 博客园(堂)内的互助有感 一个完整的接口技术解决方案 一个完整的接口技术解决方案(八) 一个完整的接口技术解决方案(七) 一个完整的接口技术解决方案(六) 一个完整的接口技术解决方案(五) 一个完整的接口技术解决方案(四)
How to share Session variables across Domains(在不同域之间共享Session)
南疯 · 2007-04-28 · via 博客园 - 南疯

Introduction  
      There is a general belief among developers that session state maintenance is always against one domain / site. And therefore one can not maintain session state across different domains. Usually there is
no such requirement to maintain session state across different domains. But of late due to increase in the scope of web based applications developers feel the need to share the session state with other domains.
The other domain may be a sister concern of the same company, or may be the B2B partner. So the question arises how one can share the session variables across other domains easily and safely.
Sharing Session variables using aSMS  
Configure aSMS
      Sharing Session variables across domains is very easy using aSMS. aSMS Standard and Advanced both support sharing session variables. Lets assume two different domains mydomain1.com and mydomain2.com. And
the requirement is to share the session variables between Mydomain1.com and mydomain2.com. For simplicity sake lets assume one webserver each for mydomain1.com and mydomain2.com. (It’s also possible so share session variables between different domains hosted on same webserver). So www.mydomain1.com points to webserver of domain1 and www.mydomain2.com points webserver of mydomain2.com.
Install aSMS on both webservers. Both aSMS should share a common LDAP server to share session variables.
      Lets assume that common LDAP server be ldap.mydomain.com. On the webserver of mydomain1.com, open the aSMS
Admin Console.
For the,
LDAP Path enter LDAP://ldap.mydomain.com:1002/o=mydomain/ou=Members
LDAPAdminentercn=Administrator,ou=Members,o=mydomain
     Enter the Admin Password. Set your Session Time out duration. If you want to support cookies then set Support Cookies to True.
     Click ‘Test LDAP Source’ button. If it returns ‘Successful’ Then aSMS has been configured successfully 
     On the webserver of mydomain1.com.Do the same on the webserver of mydomain2.com. Take care to enter the same LDAP path(LDAP://ldap.mydomain.com:1002/o= mydomain/ou=Members)for the webserver of mydomain2.com. This way we ensure that aSMS of both webservers point to the same LDAP Server. Test LDAP connection by clicking ‘test LDAP source’ button. If it returns successful then aSMS has been configured properly on webserver of mydomain2.com also and they both point to the same LDAP server.
     Start Session on Webserver of mydomain1.com
    One can use the functions.asp (link to function.txt) given in the sample files and include this file in all asp pages. If functions.asp has been used then Session can be started by just calling SessionStart function on the default.asp of mydomain1.com webserver.
    If function.asp is not used, then following code can be used to start the session in default.asp page
< %
Set objSession = Server.CreateObject("Session.Management")
objSession.SessionStart()
Set objSession = nothing
% >
To assign session variables in mydomain1.com
< %
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
objSession.SetSession "givenname", John
objSession.SetSession "sn", Anderson
objSession.SetSession "mail", John@Anderson.com
objSession.SetSession "userPassword", password
objSession.SetSession "accountStatus ", 1
Set objSession = nothing
% >
To retrieve Session variables
< %
Dim strFirstName, strLastName, strEmailAddress
Dim strPassword, intStatus
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
strFirstName = objSession.GetSession ("givenname")
strLastName = objSession.GetSession ("sn")
strEmaiAddress = objSession.GetSession ("mail")
strPassword = objSession.GetSession ("userPassword")
intStatus = objSession.GetSession ("accountStatus ")
Set objSession = nothing
% >
Sharing Session Variables   
      To share the session variables between domains, one need to pass the SessionGUID value to the other
domain. aSMS maintains session by using this SessionGUID. This can be done by passing the ‘SessionGUID’
cookie value to other domain by either query string or by hidden form field.
<ahref=http://www.mydomain2.com/default.asp?SessionGUID= <%= Request.Cookies (“SessionGUID”)% > >
MyDomain2.com< /a>
Add few lines just after SessionStart code in default.asp of ydomain2.com domain.
< %
Set objSession = Server.CreateObject("Session.Management")
If Request.QueryString ("SessionGuid") <> "" Then
Response.Cookies ("SessionGuid") = Request.QueryString ("SessionGuid")
Else
objSession.SessionStart()
End If
Set objSession = nothing
% >
To retrieve mydomain1.com’s session variables
< %
Dim strFirstName, strLastName, strEmailAddress
Dim strPassword, intStatus
Set objSession = Server.CreateObject("Session.Management")
objSession.CheckSession()
strFirstName = objSession.GetSession ("givenname")
strLastName = objSession.GetSession ("sn")
strEmaiAddress = objSession.GetSession ("mail")
strPassword = objSession.GetSession ("userPassword")
intStatus = objSession.GetSession ("accountStatus ")  
objSession = nothing
% >  
   This way we can share session variables between two different domains using aSMS.

Scenarios, where sharing Session Variables Across Domains may be required

Sharing session variables is required in so many types of web scenarios. Some of them are-
1. Common Login between two different domains - If you don’t want the users who have logged in
mydomain1.com to once again be validated in mydomain2.com.
2. Sharing Session variables with your B2B partner.
3. Developing your own ‘Microsoft Passport’ like web site.
Conclusion    
       Here we have seen how by using aSMS one can easily share session variables across two different domains. This method has been actually implemented on live web sites. Menswear.com  (http://www.menswear.com) and Womenswear.net (http://www.womenswear.net ) use aSMS to share session state
across two of their domains. When users go from menswear.com to womenswear.com, they need not re-login. Users need to login only at either menswear.com or at womenwear.com. The authentication details are shared between two domains.
    Download sample code for this page.

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=4&txtCodeId=6245