Two ASP.NET MVC applications overwrite same session cookie

64 Views Asked by Darshana Wijesinghe At 04 March 2024 at 16:53

I have two ASP.NET MVC applications with session configurations. When I log in from app1, that login is successful. After logging in from app2, it overwrites app1's session cookie and successfully logs in app2. But refreshing the app1 result redirects to the login page.

Both app1 and app2 cookie path is "/".
Both app1 and app2 running on the same IIS server.
Both app1 and app2 cookie name is unique.

I tried to change the session cookie path but it did not work.

Original Q&A

There are 2 best solutions below

Darshana Wijesinghe On 05 March 2024 at 17:23 BEST ANSWER

I fixed that by adding the cookie name to the UseCookieAuthentication pipeline in app2. Thanks everyone!

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {  
       ...
       CookieName = "Foo",
       ...
    });

Jalpesh Vadgama On 05 March 2024 at 05:43

Make your cookie http only so that way your cookie will be based on your domain like following.

builder.Services.AddSession(options =>
{
   options.IdleTimeout = TimeSpan.FromSeconds(10);
   options.Cookie.HttpOnly = true;
   options.Cookie.IsEssential = true;
});

Two ASP.NET MVC applications overwrite same session cookie

There are 2 best solutions below

Related Questions in C#

Related Questions in ASP.NET

Related Questions in ASP.NET-MVC-4

Related Questions in COOKIE-AUTHENTICATION

Related Questions in ASP.NET-SESSION

Trending Questions

Popular # Hahtags

Popular Questions