Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to set the forms authentication cookie path

Tags:

asp.net

cookies

forms-authentication

On the same IIS web site, I have two ASP.NET web applications called /foo and /bar. Both use forms authentication and I want users to be able to log in and out of both sites independently.

With the standard configuration for forms authentication, it seems to send a cookie path of "/" for the forms auth cookie. This means that when a user logs into /bar it logs him out of /foo which is undesirable behaviour for me.

The obvious solution seems to be this:

FormsAuthentication.RedirectFromLoginPage(username, false, Request.ApplicationPath);

This makes the forms auth cookie have the application path which allows the user to log into /foo and /bar independently :-) However there is a further and more nasty problem: If the user tries to log into /Foo (with a capital F), IIS directs them to the web application /foo, but they can never log in because the browser (chrome in this case) is case sensitive when deciding whether to send the cookie based on the cookie path.

This seems to be a common problem which every ASP.NET web app developer will face but I can't see a sensible solution for it. Please tell me i've missed something obvious?

Thanks

Andy

like image 802
Andy Avatar asked Apr 09 '12 08:04

Andy

People also ask

Is it possible to set a path to a cookie?

Setting a path on user defined cookies is fine, as is the form's authentication cookie, since the Forms authentication config conveniently has a path attribute.

What is the cookie path for forms authentication in IIS?

On the same IIS web site, I have two ASP.NET web applications called /foo and /bar. Both use forms authentication and I want users to be able to log in and out of both sites independently. With the standard configuration for forms authentication, it seems to send a cookie path of "/" for the forms auth cookie.

What is Cookieless forms authentication and why is it used?

However, if we choose to use cookieless forms authentication, the ticket will be passed in the URL in an encrypted format. Cookieless forms authentication is used because sometimes the client browsers block cookies.

How do I change the time-out period for forms authentication?

The only setting that you can make is in the Web.config file or the Machine.config file, in the <forms> tag. This change will determine the time-out period of forms authentication in the context of a ticket or cookie unless the ticket is generated manually. <!-- name=" [cookie name]" - Sets the name of the cookie used for Forms Authentication.

1 Answers

I assume you have already solved this issue somehow, but since I stumbled upon this question I thought I should add my few cents.

To solve the issue use different cookie names in web.config. Something like:

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_FOO"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>

and 

<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH_BAR"
      loginUrl="public/login.aspx" cookieless="UseCookies" slidingExpiration="true"/>
</authentication>
like image 144
user1429080 Avatar answered Oct 12 '22 23:10

user1429080
Sign in to Comment

Related questions

Explicitly treat link as an absolute link?
Modifying a Cookie's Value in a HttpHandler
How to insert a constant value into a column using ASP.Net SqlBulkCopy
ASP.NET MVC catch-all routing
how to prevent uploading of exe file in asp.net mvc
How to hide tabs based on roles defined in attributes in MVC3?
How can I obtain ObjectSet<T> from Entity-Framework at runtime where T is dynamic?
Add items to menu dynamically in asp.net website
MVC3 & JSON.stringify() ModelBinding returns null model
writing right-to-left sentences in ASP.NET labels and text boxes
How to get all parents (up to root) nodes for selected in TreeView control?
Change the property of entire files in folder in Visual Studio 2008 project
Put ASP.NET MVC application in subdirectory of main MVC application?
Unable to cast object of type System.Web.UI.WebControls.GridView in ASP.NET
How to make simple calculations using model items and an input from a form in ASP.net MVC 3?
Parsing SOAP response with LINQ to XML - how to get nested nodes under parent?
How to wait for result of asynchronous web service call in ASP.NET for best performance
Virtual directory inside Orchard web application
How to configure Ninject to work with ServiceStack.net
Access Session.SessionID in ActionFilterAttribute

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!