
There are two websites with the same domain that require different authentication. When both websites are logged in on the same browser, the later one logs out the former one. I can see that this is happening because when a user logs in to one website, a different forms authentication ticket is issued, which updates the authentication ticket of the first one. Why are both websites using the same authentication ticket? How can I prevent the authentication ticket of one website from updating the other one?

My config file looks like the following:

<authentication mode="Forms">
  <forms loginUrl="~/Login.aspx" name=".ASPXFORMSAUTH" defaultUrl="~/Default/Home.aspx" protection="All" timeout="10" slidingExpiration="true" requireSSL="false"/>
</authentication>

The following is used to issue the authentication ticket for one website:

 FormsAuthentication.SetAuthCookie(userid,true);

For the other website, the following is used. Also, the two websites have different sets of user ids:

var ticket = new FormsAuthenticationTicket(1, userid, DateTime.Now,
    DateTime.Now.AddMinutes(90), false, string.Empty, FormsAuthentication.FormsCookiePath);
string cookieStr = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);

Response.Cookies.Add(cookie);
freefaller
Rishikesh

1 Answer


If both sites are sub-domains, set the cookie domain in the web.config, for example to subdomain.domain.com; otherwise the cookies will work across domain.com.

See "Forms Authentication across Sub-Domains on local IIS" for more info.

Chris

Community
Chris Goder
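An added example (not part of the question or the answer): web.config fragments for the two sites, giving each its own forms cookie name and pinning the cookie domain as the answer suggests. The cookie names, the host names and the `/siteb` path are constructed assumptions, and Site B's remaining attributes are assumed to match the config shown in the question.

```xml
<!-- Site A: web.config (cookie name and host name are constructed values) -->
<system.web>
  <authentication mode="Forms">
    <!-- name:   unique per application. The browser keys cookies by
                 name + domain + path, so two apps that both use
                 ".ASPXFORMSAUTH" on the same host and path overwrite each other.
         domain: pins the cookie to this host instead of the parent domain. -->
    <forms loginUrl="~/Login.aspx"
           name=".SITEA_AUTH"
           domain="sitea.domain.com"
           path="/"
           defaultUrl="~/Default/Home.aspx"
           protection="All" timeout="10" slidingExpiration="true"
           requireSSL="false" />
  </authentication>
</system.web>

<!-- Site B: web.config (cookie name, host name and path are constructed values) -->
<system.web>
  <authentication mode="Forms">
    <!-- A different name keeps Site B's ticket in its own cookie even if
         domain and path end up identical to Site A's.
         If both apps share one host name as virtual directories, scope the
         cookie with path (for example path="/siteb") rather than domain. -->
    <forms loginUrl="~/Login.aspx"
           name=".SITEB_AUTH"
           domain="siteb.domain.com"
           path="/"
           defaultUrl="~/Default/Home.aspx"
           protection="All" timeout="10" slidingExpiration="true"
           requireSSL="false" />
    <!-- requireSSL="false" is carried over from the question; with it the
         ticket cookie is also sent over plain HTTP. -->
  </authentication>
</system.web>
```

Site B builds its `HttpCookie` by hand, so only `name` reaches that cookie, through `FormsAuthentication.FormsCookieName`. `path` and `domain` have to be set on the cookie object itself, from `FormsAuthentication.FormsCookiePath` and `FormsAuthentication.CookieDomain`.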