3

I am doing some development on my local machine using VS 2010 and running my dev code in Cassini, I also have taken a copy of the same code and deployed it to c:\mp and setup a web application in IIS7 to point to this directory.

Both applications are pointing to different databases. I access the IIS one by http://localhost/mp

When I log into either one of these it results in my being logged out from the other if I am already logged in.

I have a feeling this is something to do with the forms authentication we are using and possibly overwriting the cookie but I have not found anything useful yet.

The forms authentication setup look as follows

<authentication mode="Forms">
    <forms name="MP" loginUrl="~/login.aspx" protection="All" timeout="20" path="/" slidingExpiration="true" cookieless="UseCookies" defaultUrl="~/Modules/Enquirer/Default.aspx" />
</authentication>

We are also using roles and the membership providers

 <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="AspNetSqlRoleProvider">
            <providers>
                <clear />
                <add name="AspNetSqlRoleProvider" connectionStringName="mpconnectionstring" applicationName="mp" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            </providers>
        </roleManager>
        <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1">

We are also using inProc session state for both although I'm not sure if that would be an issue.

Can anyone suggest why this is happening and how to get around it?

Daniel Powell
  • 8,143
  • 11
  • 61
  • 108

2 Answers2

5

The issue is with the cookie, because the cookie keep the logged confirmation.

Changing the name of your cookie on web.config is probably solve your issue. So setup the name and the domain according to the two diferent logins, using 2 different cookie suffix names.

<authentication mode="Forms">
 <forms ... name=".CookieSuffix" domain="yoururl.com" ... />
</authentication>
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • setting the name to different things fixed it, I didnt need to set the domain. Cheers – Daniel Powell Nov 23 '11 at 02:45
  • Is there any way to do this in code? I am creating a template for myself and others to use and chance is this will be forgotten, whereas in code we can pick up the applications name etc. – apc Oct 15 '15 at 16:48
  • @apc I think so that yes you can do that in code, but you must do it on authentication, probably on global.asas, I am not sure where - but yes you can, just search for how you can authenticate using code – Aristos Oct 15 '15 at 21:30
1

You'll need to explicitly set the names for some cookies in your web.config. Here's some of the typically required ones :

1) authentication cookie 

<authentication mode="Forms">
<forms name=".ASPXAUTH_YourAppName" ...

2) role manager cookie 

<roleManager cacheRolesInCookie="true" cookieName=".ASPXROLES_YourAppName" ..

3) session state cookie 

<sessionState cookieName="ASP.NET_SessionId_YourAppName" ...

I tack on a unique suffix to the default cookie name for different applications. e.g. in the above, replace "YourAppName" with something unique for your different app instances.

Moe Sisko
  • 11,665
  • 8
  • 50
  • 80