Cookies are not port-specific.
There was a suggestion to add this feature back in 2000 in
RFC 2695[
^]; but that was replaced in 2011 by
RFC 6265[
^], which makes no mention of the
port=
attribute. AFAIK, no browser ever supported the
Set-Cookie2
header or the port attribute.
The closest equivalent is the "Secure" flag, which indicates that the cookie should only be sent with HTTPS requests. But cookies without this flag set will still be sent for both HTTP and HTTPS requests, so it won't solve your problem.
You have three options:
- Rename the cookies (on one version of the site only!)
You'll need to make sure you update every single usage, including the built-in settings for session and authentication. - Put both versions on different paths, and add the path to the cookie
So you'll have http://yourserver:9696/path1/
and http://yourserver:9797/path2/
.
Again, you'll need to get every single cookie to use the correct path. - Give each version a different host name
Set up two A
records on your internal DNS pointing to the server, and set up the host headers in IIS so that each version responds to a single record.
Eg: http://app1.yourserver.local/
and http://app2.yourserver.local