Sunday, April 26, 2009

Preserving Session state across different domains

Recently I had a task that required to add some user session dependent data. The problem was that there is one main domain and many sub domains and different browsers act differently: IE8 is generating new session id only when top level domain is changed, Google Chrome, Firefox, Safari and Opera are generating new session id when subdomain is changed so session sensitive data will be lost. Requirement was to preserve session sensitive data across different subdomains and regardless of used browser.


Solution:
The idea is to use intermediate page that will use a self submitting form containing user session sensitive data in hidden fields. The trick is that that form will actually change sub/domain by posting to itself but will preserve session sensitive data via form's hidden input fields.


The original article with solution could be found here .


Hope this helps somebody.
Regards,
Oleh

No comments: