Search code examples
asp.netexpresssessionredismicroservices

Moving Monolith ASP.NET Webform application to Microservices and session management

We are working on Moving our monolith ASP.NET Webform application to Microservices, to begin with, we are using Nginx as the proxy router and Node express as API gateway. From browser, any .aspx request will be routed to existing ASP.NET Webform application from Nginx and new calls will be routed to API Gateway Till routing its all working fine but the problem is Session management, ASP.NET Webform application is using Redis as a session store and same session we are trying to access an API gateway ASP.NET stores sessionID in "ASP.NET_SessionId" cookie and in Redis its creating two Keys per session like SessionID_Data SessionID_Internal We tried to set the Express-redis session to the same "ASP.NET_SessionId" in Gateway but its creating different key then we tried to take cookie value and tried to generate same ID in API Gateway

enter code here
    app.use(session({
      genid: function(req) {
        //Get SessionID from Cookie and Return
  },
      store: new RedisStore({
       host:HOST,
       port:PORT,
       pass:PASSWORD,
       prefix: APP_PREFIX //Application Prefix used by ASP.NET
      }),

      name: 'ASP.NET_SessionId',
      secret: APP_SECRET,
      resave: false,
      saveUninitialized: false
    }));

Problem with this is ASP.NET create two Keys in Redis per user session so same we can not set the API Gateway

Is there any way to share ASP.NET Web form session in API Gateway or if we create Authentication and session management as separate Microservice then that session can be used in both ASP.NET web form and API Gateway which will auto-increment TTL of Redis Keys on each request?

Solution

  • To access ASP.NET session in Node API gateway we created a middleware, and by using "ioredis" library we are connecting to Redis session database which will be used by ASP.NET Redis session. Node API gateway to be in sync properly with ASP.NET Redis session we need to do

    1. In Middleware read Session Key from Cookie let cookieSessionID=req.cookies["ASP.NET_SessionId"];

    2. Add _Internal ({sessionID_Internal}) to session Id and check whether it's expired in Redis by using ioredis's exists method

    3. If a session exists then update the Time To Live of both _Internal and _data keys of ASP.NET session (In ioredis you can set the expiry of a key by expire() method)