asp.net forms authentication logged out when logged into another instance

I am doing some development on my local machine using VS 2010 and running my dev code in Cassini, I also have taken a copy of the same code and deployed it to c:mp and setup a web application in IIS7 to point to this directory.

Both applications are pointing to different databases. I access the IIS one by http://localhost/mp

When I log into either one of these it results in my being logged out from the other if I am already logged in.

I have a feeling this is something to do with the forms authentication we are using and possibly overwriting the cookie but I have not found anything useful yet.

The forms authentication setup look as follows

<authentication mode="Forms">
    <forms name="MP" loginUrl="~/login.aspx" protection="All" timeout="20" path="/" slidingExpiration="true" cookieless="UseCookies" defaultUrl="~/Modules/Enquirer/Default.aspx" />
</authentication>

We are also using roles and the membership providers
 <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="AspNetSqlRoleProvider">
            <providers>
                <clear />
                <add name="AspNetSqlRoleProvider" connectionStringName="mpconnectionstring" applicationName="mp" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
            </providers>
        </roleManager>
        <membership defaultProvider="AspNetSqlMembershipProvider" userIsOnlineTimeWindow="20" hashAlgorithmType="SHA1">

We are also using inProc session state for both although I’m not sure if that would be an issue.

Can anyone suggest why this is happening and how to get around it?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

The issue is with the cookie, because the cookie keep the logged confirmation.

Changing the name of your cookie on web.config is probably solve your issue. So setup the name and the domain according to the two diferent logins, using 2 different cookie suffix names.

<authentication mode="Forms">
 <forms ... name=".CookieSuffix" domain="yoururl.com" ... />
</authentication>

Method 2

You’ll need to explicitly set the names for some cookies in your web.config. Here’s some of the typically required ones :

1) authentication cookie

<authentication mode="Forms">
<forms name=".ASPXAUTH_YourAppName" ...

2) role manager cookie
<roleManager cacheRolesInCookie="true" cookieName=".ASPXROLES_YourAppName" ..

3) session state cookie
<sessionState cookieName="ASP.NET_SessionId_YourAppName" ...

I tack on a unique suffix to the default cookie name for different applications. e.g. in the above, replace “YourAppName” with something unique for your different app instances.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x