This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 74%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
We use a DistributedSqlServerCache and load balance for session state in web farm, so when set session and get session if change server would not read session,
Create table in SQL:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[BlogsCache]
(
[Id] [nvarchar](449) NOT NULL,
[Value] [varbinary](max) NOT NULL,
[ExpiresAtTime] [datetimeoffset](7) NOT NULL,
[SlidingExpirationInSeconds] [bigint] NULL,
[AbsoluteExpiration] [datetimeoffset](7) NULL,
PRIMARY KEY CLUSTERED ([Id] ASC)
WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF,
IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON,
ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
My startup
services.AddDistributedSqlServerCache(options =>
{
options.ConnectionString = Configuration.GetConnectionString("DbConnection");
options.SchemaName = Configuration.GetConnectionString("SchemaName");
options.TableName = Configuration.GetConnectionString("TableName");
});
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(30);
options.Cookie.IsEssential = true;
});
And also add session in the Configure method
app.UseSession();
When publishing to one server, everything was ok, but publishing to web farm by load balance, when I refresh page, session and SessionId also cookie changed.
Our old project was ASP.NET MVC 5, and we added machine key on web.config that get from IIS.
Is necessary add machine key on web.config for ASP.NET Core?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Yes it’s the same issue as setting machine key, all the servers must use the same key. .net core uses data protection services, which need a shared storage provider. Also data protection services generates the key, it’s not settable.. See above picking a provider.
Thanks for your answer, I must to uses data protection?
Can I set machine key on web.config that generate after publish?
So if I must to use data protection, I will create xml file and write machine key like web.config mvc 5 and register on startup file.
I found this docs :
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/compatibility/replacing-machinekey?view=aspnetcore-5.0
But This was a bit vague for me, Could you please explain.
.net core uses data protection services. the article you link, is to update a 4.* framework project to also use data protection services (this happens anyway if you use owin).
in data protection services there is no setting for machine key, because data protection services generates the key when required (similar to the old machine key generate=auto). this means you need to configure a shared storage provider.
as you are using sqlserver for session, you can also use sqlserver for key storage. see the entity framework core provider:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Refer to the steps given here for setting up session middleware. Also refer to the instructions here for using a distributed cache.
Assuming your SQL instance is properly configured then you need to call the overload for AddSession that allows you to specify the cookie information.
The session cookie is encrypted using the standard data protection provider. You can use whatever provider you want but given a distributed environment your options are going to be limited. The list of available providers is here. If you're in Azure then it has options otherwise you could use a shared key for legacy reasons or Redis cache but any provider would work that shares data.