We have a web application to which users login. The app keeps the login info in Session. The problem is that the same application resides on different domains, and sometimes there are links between the domains – one domain has a link to the other. In this case, after clicking the link, the user is in the other domain, and has to re-login. Our users do not like this situation, and so we are looking for a solution.
We are reluctant to use cookies because sometimes our users log in from a public computer, which doesn't allow cookies. We also considered keeping login data in the DB, but we prefere not to do that, because we don't want to add another access to the DB on every page load.
So is there a way to enable Session between a few domains? Or is there another solution that we haven't thought of?
Note: We are not using Active Directory for authentication, but a DB authentication.
Best Answer
I would use a database to share session between domains or different technologies like classic ASP, PHP or asp.net.
Your concern about the database hit on every page is valid, so I use an approach were normal in-memory session is used to store an authentication ticket for the each. Only if that session doesn't exist, the server-side code goes to the database.
More information about this approach can be found at 'Enhanced Asp.net session state'