It's up to the developer to use whatever mechanism suits the application. The ISSOSessionStore interface includes a SessionID property that must return a unique identifier associated with the browser session. The DatabaseSSOSessionStore implements this property by using the ASP.NET session ID (ie associated with the ASP.NET cookie, assuming there is one). If there is no ASP.NET cookie then you can provide your own implementation of the SessionID property using a custom cookie or any other mechanism.
Regards ComponentSpace Development
|