Reputation: 70602
ASP.NET session state, serialization, and inheritance
First, a little background. I have two ASP.NET web applications that use SQLServer session state (they use the same server, with the same credentials). Each of the applications defines an encapsulated session class, which more or less acts as a container.
// For example...
public class FirstSession
{
private string _name;
public string Name
{
get { return this._name; }
set { this._name = value; }
}
public FirstSession()
{
this._name = string.Empty;
}
}
Of course, the real classes are much more complex, but in the end it mainly boils down to being a data structure. The applications then use this class whenever a new session is created. For example, in the Global.asax file:
protected void Session_Start(object sender, EventArgs e)
{
// Adds user to session state.
Session.Add(
"SK_SessionKey",
new FirstSession());
}
I realize that when using SQLServer session state, a given class must be serializable when adding an object to the session this way, but I left that part out for the sake of simplicity.
Each of the two applications defines its own set of values that need to be stored in the session, but they also have a large number of values in common (like, say, a User ID and authentication flag). Now, the two applications need single sign-on capabilities. So, my idea, since we're using SQLServer session state, was to use the session state itself to authenticate between the two applications.
Here's what I did: I created a 3rd assembly which contained a session class that provided the common data values that would be used between the applications (e.g. User ID, etc). I then distributed the assembly to both of the applications, which needed to add additional properties to their session objects. So, each of the applications implemented a session class which derived from the base session class contained in the external assembly.
My hope was that, since both derived classes are based on the same base class (which both applications have access to), then, for example, when redirecting from the 1st application to the 2nd application, the 2nd one could look for the session object and, upon finding the 1st application's session object, could cast it into the base class, extract the values, create and initialize its own session object, and then serialize it back into the session.
I tried using ISerializable to manage the serialization to and from the server, but it doesn't work just by using the SerializationInfo. How should I go about doing this? Should I serialize into XML, or binary? Will binary even work with the base/derived classes? Is there a certain framework class that I should look into? (BinaryFormatter?) Is there just something fundamentally wrong with my idea of using a base class?
=Edit=
I ended up using XML serialization, as explained here.
Upvotes: 4
Views: 2198
Answers (2)
Reputation: 100545
I think there are 2 questions:
- can 2 applications share ASP.Net SQL session state? Answer: not by default - covered in Rex M's answer.
- if there are 3 classes SharedASsembly.Base, Assembly1.Derived1:Base, Assembly2.Derived2:Base can code in Assembly2 deserialize Derived1 without loading Assembly1? Answer: no. You will be able to deserialize Base in any of the 3 assemblies, but to deserialize derived classes you need to load corresponding assembly.
Upvotes: 1
Reputation: 144162
Session is stored on an application repository basis. The two applications each have their own repository, they don't know that the other exists, regardless of whether they share some code.
There are a few ways to implement this. There are some products out there that let multiple applications share session state, but that can cause its own logistical problems. I don't recommend this approach.
The right way is rather than have common code, have a common repository - i.e. both applications have their own session, but there is a third database which both applications can access. App1 can write an object into this third database with a unique key, pass the key via querystring or something to App2, and App2 can go back to this common database and retrieve the data by the same key.
Upvotes: 3
Related Questions
- Storing a serializable object in the session
- Unable to serialize the session state
- Unable to serialize the session state
- Which object can't be serialized? IIS Session State with State Server
- Is it possible to Serialize/Deserialize Session object in asp.net
- Unable to serialize the session state... [Updated!]
- serializing session state in asp.net
- Serialize for asp.net session state
- ASP.Net Session over web / WCF Service
- ASP.NET Session Inheritence