How to share Session in ASP.NET Core 3 between 2 servers?

Asked 20/3, 2020 at 4:37 Answered 9/6, 2021 at 10:51

Solved c#session-variables session-state .net-core-3.0 sql-session-state

How does one share session in ASP.NET Core 3 between 2 servers (load balanced)? And can session be shared between several web services/APIs and the main ASP.NET MVC app?

I am very new to .NET Core 3, I was used to working with session state in ASP.NET Framework MVC (where it was as simple as using the same machine key in the IIS configuration of the site) but I've learned that everything changed for .NET Core 3, in addition a lot of documentation is extremely outdated/obsolete as new versions have rolled out, .NET core 1 has nothing to do with later versions and 2 with 3, and also it requires many NuGet packages which may or may not work anymore.

Currently I have successfully implemented SQL session store with .NET Core 3 but the option of machine key no longer shows up in the IIS and I really don't know how to configure them in the appsettings.json file (if still used at all).

Our setup is 2 servers which must both share the session info, with an F5 load balancer, our old apps which use .NET Framework MVC are configured like this, and I need help with achieving the same result but with .NET Core 3.

I read through https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/web-farm?view=aspnetcore-3.1 but it doesn't really explain how to actually do anything

Also this https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1 helped configure the SQL session storage but not how to share between the 2 servers

As well as http://www.intstrings.com/ramivemula/articles/jumpstart-44-sql-server-based-session-state-in-asp-net-core-mvc-application/

Michel answered 20/3, 2020 at 4:37 Comment(7)

Does anyone have any info on this? – Michel 2/4, 2020 at 0:13

I am facing similar issue where I need to share session between 2 servers. I think the solution is to spin up a redis cache... at least that is what I think – Shamrao 4/5, 2020 at 16:58

In my case I can't use redis as we do not have permission to do so. we must use IIS – Michel 24/6, 2020 at 1:24

If the sessions are used just for authentication, then maybe move away from session itself and embrace the recommended way of doing authentication in mvc maybe? If not, may be the question might be how to do your use case in mvc the right way, for that you might have to update the question with those details though. Sessions are no more the preferred way of doing anything in mvc land and it will continue to get more and more difficult just like finding a serial port in a modern hardware where usb is the way. But I understand you might probably have genuine case for session, I'm just saying.. – Downstage 2/6, 2021 at 17:6

you have one domain for all severs or more than one? – Dogie 3/6, 2021 at 8:2

devcentral.f5.com/s/question/0D51T00006i7jOE/… Check this page and links. This could be of help – Trentontrepan 8/6, 2021 at 14:44

Thy this Share authentication cookies among ASP.NET apps – Outherod 9/6, 2021 at 16:0

I think this can help you:

I got it from here: https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1#distributed-sql-server-cache

Chlorenchyma answered 9/6, 2021 at 10:51 Comment(1)

I think this may be it, but I have to test it. Sadly the company discarded the project using .net core for now – Michel 23/6, 2021 at 18:6

Have you configured DataProtection? I haven't worked with this in a while, but from memory this was the essential piece for distributed session storage to work in .NET Core

Here's some additional reading about both sessions and DataProtection in .NET Core with bonus mentions for MachineKey - https://andrewlock.net/an-introduction-to-the-data-protection-system-in-asp-net-core/

Enabling answered 2/6, 2021 at 19:21 Comment(0)

Your user's session authentication key is stored in a cookie within their web browser. No matter which server the user connects to, they will pass their cookie to that server and the server will authenticate their session via SQL using the authentication key.

Hepcat answered 26/8, 2020 at 23:19 Comment(2)

Hi, the issue is that exactly what you describe is not happening with my app and servers, the moment the switch occurs within the load balance the cookies are gone and users must login again. This issue was so real and specific, there used to be tutorials on how to configure farm server setups in previous versions of .net framework, there is just no info about how to achieve this in asp.net core 3 – Michel 27/12, 2020 at 23:25

First, check to see if the cookie is being saved. Then, make sure its being passed to the server from the web browser. Then, check to see if the load balancer is passing the cookie to your web server. Then check .NET request to see if the raw cookie data exists. If you've gotten this far, then there is an issue with .NET. If not, its an issue with something else. – Hepcat 29/12, 2020 at 0:27

I think this can help you:

I got it from here: https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1#distributed-sql-server-cache

Chlorenchyma answered 9/6, 2021 at 10:51 Comment(1)

I think this may be it, but I have to test it. Sadly the company discarded the project using .net core for now – Michel 23/6, 2021 at 18:6

Recommended topics

Hot tags