7

I am trying to write a web service that returns session variables. The application that calls this web service has access to the the Session ID of the current session.

I tried doing this by creating a "ASPNet_SessionID" cookie and then attaching setting it as the cookie container of a proxy class to the web service but that does not work. I did this like so,

 protected void CallService(string sessionID)
    {
        localhost.AuthService auths = new localhost.AuthService(); //Service Proxy class
        System.Net.CookieContainer cookieJar = new System.Net.CookieContainer();


        System.Net.Cookie newCookie = new System.Net.Cookie("ASPNet_SessionID", sessionID);
        newCookie.Domain = "http://localhost";
        cookieJar.Add(newCookie);
        auths.CookieContainer = cookieJar;


        string SessionData = auths.GetSessionData();

The GetSessionData web method simply returns the Session data like so:

[WebMethod(EnableSession=true)]
public string GetSessionData(string sessionID) {return ((string)Session["user"]);}

Should this approach work, or am I doing something completely wrong?

UPD:This link actually solved my problem - I was able to access all the sessions InProc and was able to select the correct one by ID:

http://weblogs.asp.net/imranbaloch/archive/2010/04/05/reading-all-users-session.aspx

Matt Kagan
  • 611
  • 1
  • 12
  • 24
  • What are you trying to achieve? Trying to trick asp's session handling will result in some pretty fragile code. – Journey Jul 21 '11 at 20:59
  • I am trying to enable a third party application to see what user is logged on to my website. The application is on the same domain as my site which means it has access to the same cookies, and therefore the SessionID. I thought that if I store the information about the current user in the Session, the third party app would be able to send a request to the web service which would retrieve the name of the user from the session. – Matt Kagan Jul 21 '11 at 21:07
  • how are you keeping the session? InProc? – Adrian Iftode Jul 21 '11 at 22:54
  • @Adrian - Yes, I am keeping the session InProc. My previous solution was to use a SQL database and look up by SessionID but that didn't work with one of the parts of the website ( the Sitecore CMS). Now I am trying to figure out another way. – Matt Kagan Jul 22 '11 at 13:58
  • 4
    then http://weblogs.asp.net/imranbaloch/archive/2010/04/05/reading-all-users-session.aspx – Adrian Iftode Jul 23 '11 at 19:28

3 Answers3

1

"I am trying to enable a third party application to see what user is logged on to my website."

To achieve this goal you would be far better to use ASP.NET Membership over Session to track users.

Then, to see logged-in status you can simply do this:

bool isLoggedIn = Membership.GetUser("Joe.User").IsOnline;
saille
  • 9,014
  • 5
  • 45
  • 57
0

switch AspCompatibilityMode to true

Parv Sharma
  • 12,581
  • 4
  • 48
  • 80
0

Is your system designed to be single user?

You suggest 'which user is currently logged on' but if that was the case there isn't much need to store anything in session, you could just stick the userid/name/details into a table in the DB, or potentially use .NET profiles to update an application level variable - http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx

dougajmcdonald
  • 19,231
  • 12
  • 56
  • 89