5

I have an asp.net application and webservices (asmx) that reside in the same application but not in the same folder of the aspx files. I aslo have a winform application that uses the webservices. I have marked the webservice methods with [WebMethod(EnableSession = true)] but I am not able to share the same session values that are on the application in the webservices. The winform application has access to the sessionID from the application and I am using the following code

Uri uri = new Uri(ServerServiceUrl);
_cookieContainer = new CookieContainer();
_cookieContainer.Add(new Cookie("ASP.NET_SessionId", SessionID, "/", uri.Host));

My question is: Is there something that I am missing or doing wrong that I cannot access the application sessioin from the webservices?

Improve this question
3
  • 3
    Why do you need sessions in a webservice? Are you storing any temporary state? In which case, IMO services should be stateless & by this, your problem would not exist... Commented Apr 23, 2010 at 13:28
  • Agreed, you'll need to think of webservices like static classes Commented Apr 23, 2010 at 15:32
  • My aspx services, just like the application, talk to java webservices and when the application calls the services it caches the values for a period of time. Instead of calling the java services over and over again I want to use the data that has been cached by the application. Hence why I want to share the session. Commented May 3, 2010 at 12:44

2 Answers 2

Reset to default
1

I cannot shed any light as to why you are not able to have the winforms app "hijack" the session - what you are doing looks like it should do exactly what you want.

I wanted only to suggest that you use the application cache (to cache the response from you java service) instead of the user's session store. This has the following advantages: -

  • a) If the cached information is applicable to more than an individual user (e.g. access controlled), then the same cached information can be used for several users and not fetched for each session.
  • b) You have more control over how long things are cached for / when they are scavenged than you get with session data (which just lives for the lifetime of your session and has the danger of growing and growing if you forget to delete old information)
  • c) If you do not manage to get your session hijacking working, you can still access data in the cache from any session.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Have you tried inheriting your webservice class from System.Web.SessionState.IRequiresSessionState ?

It's normally used for http handlers, but webservices seem to use the same marker interface.

Improve this answer

2 Comments

I have not tried that, but as I understand it, by adding [WebMethod(EnableSession = true)] on each method makes them session enabled. I do have a session variables available, is just that it is a new session and not the session has already been created on the application.
Just realized. Are you accessing the webservice from the same machine? in that case are you sure you should be using "uri.Host" and not the loopback interface when setting up your cookie?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.