How to not mix cookies of ASP.NET websites deployed on intranet

Question

0.00/5 (No votes)

See more:

I currently have 3 websites deployed on my companies intranet using IIS 10 on the same server. Server is running Windows 10 PRO

Users access the app using a link to the app say
App1 - http://1.1.1.1:161/App1/Login.aspx
App2 - http://1.1.1.1:162/App2/Login.aspx
App3 - http://1.1.1.1:163/App3/Login.aspx

All apps have login pages and store cookies on the browser.
The problem is when these cookies are created for all the 3 apps in the same browser all 3 apps cookies are visible to all of the apps. Which is bad?

How do I hide App1 cookies from App2 & App3 and App2 cookies from App1 & App3 and App3 cookies from App1 & App2

I am not using HTTPS/SSL in any of the Apps. But some cookies are not readable via javascript.

The real issue is that when logging out of the apps all the cookies of all apps get cleared when logging out of any app.

Kindly help

What I have tried:

Nothing as much waiting for some suggestion from community

Posted 10-Apr-19 7:42am

Christopher Fernandes

Updated 11-Apr-19 3:03am

v2

Add a Solution

Comments

F-ES Sitecore 11-Apr-19 12:15pm

I don't think what is happening is what you think is happening. If your sites are using different ports then they won't share cookies. If you log in to all three sites in the same browser and logout on one, the others are probably logging out from inactivity rather than anything to do with cookies.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

#realJSOP · Answer 1 · 2019-04-10T08:17:00

Solution 1

Maybe you could use a GUID in each app to uniquely identify the app-specific cookie instead of the userID.

Posted 10-Apr-19 8:17am

#realJSOP

DavidBSmith · Answer 2 · 2019-04-10T17:22:00

Solution 2

Set the Cookie.Path to match each app path?

Posted 10-Apr-19 17:22pm

DavidBSmith

Nitin S · Answer 3 · 2019-04-10T22:17:00

Solution 3

if you are using forms authentication,
in each app's web.config set unique cookie name as follows:

XML

<authentication mode="Forms">
  <forms name=".CookieName" loginUrl="LoginPage.aspx" />
</authentication>

Posted 10-Apr-19 22:17pm

Nitin S