Why SessionID is different?

Question

I have an ASMX web service with following method:

[WebMethod(Description = "Test", EnableSession = true)]
public string DoWork(string param)
{
   string user = Session["user"].ToString();
}

When I call this method from client side using AJAX, the SessionId remains the same (for the aspx page and web service), but when I call this method from server side code (on button click event) SessionId gets changed:

ServiceReference1.MyServiceSoapClient obj = new ServiceReference1.MyServiceSoapClient();
string user=Session["user"];
obj.DoWork("Test string"); 

Why SESSIONID gets changed? How to keep both of them same?

Answer 1

Have you thought about where you calling from in each case? On the server-side call, you are calling from the server to itself and thus this creates a new session whereas in the other case, you are using the same client end and thus the session isn't changing in that case.

If you need picture this a bit more clearly, look at this from the web service perspective. In one case, the client is the web browser and in the other case the client is itself, which is different and thus the SessionID should be changed.

---

Assuming you have a good reason for the server to query itself, I'd probably consider adding a parameter to the webservice that could be passed that could allow for some data to be shared as otherwise what you'd have is the ability to hijack a session.

---

If the web service and aspx page are on the same server, then whatever functionality the webservice accesses, could be accessed directly in the code behind of the web page. You could make the logic of the "DoWork" method in the web service be put into a DLL that both the web page and the web service can access and that would allow for no change to the SessionID since the same client is being served on the request.