0

When we login into two different applications (e.g. Test1, Test2) with a different user (e.g. User1, User2) hosted on the same server using the following scenarioenter code here

  1. User 1st logs the one application in one tab
  2. User 2nd logs in the other application in a separate tab.
  3. User 1st try to navigate another page then, automatically user 1st got logged out.

The problem occurs when you open a new browser tab because the session is the same so any changes you make in the new tab is going to impact on other tabs and when to click on any link of the first tab it will redirect to login page. So, we just want to know that is this default behaviour or we have to do some setting in IIS from your side?

We are using form authentication and for that, we enabled Anonymous and Form authentication in IIS. Also, we have set [Anonymous] attribute to Login action.

Pankaj
  • 3,131
  • 4
  • 14
  • 22
  • Login is normally handled with sessions; typically, sessions are identified by cookies; and by default cookies are set on client for the whole server. If you want your two applications to be kept separate, you need to set a cookie for individual application, using the [`Path` parameter](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Scope_of_cookies). Alternately, you could change the session cookie's name for the two apps. Either of these will cause the sessions to be separate for the two apps. Sorry, I don't know .NET, can't tell you how to make it do so. – Amadan Dec 28 '18 at 07:19
  • Seems like cookie name can be changed in [configuration](https://learn.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/h6bb9cz9(v=vs.100)), but changing Path would necessitate monkeying with [`SessionIDManager`](https://referencesource.microsoft.com/#system.web/State/SessionIDManager.cs,183). – Amadan Dec 28 '18 at 07:36
  • how you separate the applications ? (with different domain names, or with subdomains ?) – Aristos Dec 28 '18 at 09:13
  • following url i am using to run the allpication https://testserver1/app1 and https://testserver2/app2 – Pankaj Dec 28 '18 at 10:14

1 Answers1

0

If you use different domain name, and you have conflict, then you probably use the same database to store/retrieve the users data.

You can separate the applications using the applicationName on roleManager, profile, and membership on web.config

One example from How to: Use the ASP.NET Membership Provider

<!-- Configure the Sql Membership Provider -->  
<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">  
  <providers>  
    <clear />  
      <add   ... 
        applicationName="MembershipAndRoleProviderSample"  
              ... 
         />  
  </providers>  
</membership>

This application name, is also inside the database and separate each applications.

You can also read : Multiple applications using same login database logging each other out

Aristos
  • 66,005
  • 16
  • 114
  • 150