Martin
I'm planning an ASP.NET web farm.
I expect to use a SQL database for session state management, ie.
<sessionState mode="SQLServer" cookieless="false" .../>
My application uses web forms authentication, with a secure cookie, ie.
<authentication mode="Forms">
<forms name="mycookie" loginUrl="https://secure.domain.com"
requireSSL="true"/>
</authentication>
I expect different web applications on different web servers to be
associated with each other by virtue of using the same sessionState
settings.
As indicated above, I would like to ensure that the pages requiring
authentication are grouped together, and as it happens I am thinking that
all the https pages would be grouped on one machine, and only these pages
require authenticated access.
So if I have 3 web servers, 1 and 2 would contain duplicate http pages
allowing anonymous access, whilst 3 would contain https pages requiring
authenticated access. All sharing the same session state, and being part of
the same overall web application.
I would use <location> and <authorization> elements to achieve this at the file
level, or just an <authorization> element in a web.config placed in specific
subdirectories.
My question concerns cookies.
Do the session and authentication cookies get shared between the different
servers in the web farm? I would expect to be able to specify the cookie
domain somewhere, but I can't see where.
Thanks to anyone who can fill in the gaps of this plan.
Martin
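
The layout described in the post, sketched as a web.config for the farm (an added example, not part of the original post). The `members` path, the `.domain.com` cookie domain, the connection string and the key values are placeholders chosen for illustration, and the `domain` attribute on `<forms>` assumes ASP.NET 2.0 or later.

```xml
<configuration>
  <system.web>
    <!-- Same on every server in the farm: all nodes point at one state database.
         The connection string is a placeholder. -->
    <sessionState mode="SQLServer" cookieless="false"
                  sqlConnectionString="data source=SQLHOST_PLACEHOLDER;Integrated Security=SSPI" />

    <!-- Forms tickets are encrypted and signed with these keys, so every server that
         must read the ticket needs identical, explicitly set values (placeholders here). -->
    <machineKey validationKey="VALIDATION_KEY_PLACEHOLDER"
                decryptionKey="DECRYPTION_KEY_PLACEHOLDER" />

    <authentication mode="Forms">
      <!-- domain scopes the authentication cookie; requireSSL adds the Secure flag. -->
      <forms name="mycookie"
             loginUrl="https://secure.domain.com"
             domain=".domain.com"
             requireSSL="true" />
    </authentication>

    <!-- Default for the application: anonymous access allowed. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Pages under this (hypothetical) path require an authenticated user. -->
  <location path="members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Because `requireSSL="true"` marks the authentication cookie as Secure, browsers send it only over HTTPS, so servers reached over plain HTTP never receive it. The session cookie is a separate cookie, named `ASP.NET_SessionId` by default.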