Two ASP.NET MVC applications overwrite same session cookie

DarshanaWijesinghe
March 5, 2024
206 views
0 votes
2 Answers

I have two ASP.NET MVC applications with session configurations. When I log in from app1, that login is successful. After logging in from app2, it overwrites app1’s session cookie and successfully logs in app2. But refreshing the app1 result redirects to the login page.

Both app1 and app2 cookie path is "/".
Both app1 and app2 running on the same IIS server.
Both app1 and app2 cookie name is unique.

I tried to change the session cookie path but it did not work.

Answers

Chosen as BEST ANSWER
- DarshanaWijesinghe
- March 5, 2024 at 6:23 pm
- 0 votes
0
I fixed that by adding the cookie name to the UseCookieAuthentication pipeline in app2. Thanks everyone!
```
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {  
       ...
       CookieName = "Foo",
       ...
    });
```

(Edit)

- JalpeshVadgama
- March 5, 2024 at 6:43 am
- 0 votes
0
Make your cookie http only so that way your cookie will be based on your domain like following.
```
builder.Services.AddSession(options =>
{
   options.IdleTimeout = TimeSpan.FromSeconds(10);
   options.Cookie.HttpOnly = true;
   options.Cookie.IsEssential = true;
});
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.