It seems I falled in love with the State Management section of the forum :) That's just a temporary love and will pass soon I hope so don't worry.
The problem I'm facing is this: I'm developing a framework for a SaaS application wich will handle different websites using the same DB and application files. A single deployment will drive different sites. So, to be clear, accessing
www.sitealpha.com and
www.sitebeta.com will start two different applications in IIS, both of wich pointing at the same physical folder (C:\Inetpub\wwwroot\mybigsite).
Now I'm doing some development testing on a local machine and i have to resort to IIS default web site, so at the moment I cannot have
www.site1 and www.site2 but I use
http://localhost/site1 and
http://localhost/site2 for testing wich are 2 different IIS applications, pointing to the same physical folder.
I have some static/shared classes wich are use as AppSettings and are initialized on App_Start and I checked they get correctly initialized in different ways based on the application (HttpRuntime.AppDomainId to select and choose the settings), so IIS is
really starting 2 different application, not just sharing a single one (in wich case both apps would see the same variables in the static/shard class).
The issue I'm facing is that even if they are 2 different applications, I'm sharing the same session cookie, anonymous ID cookie (anonymous tracking is on) and authentication cookie, so that if I login in one site I get logged in the other as well.
If I look inside the browser folder for cookies I see my cookie under
name@localhost so I'm wondering if this issue is due to the fact that I cannot have 2 real domains
www.sitealpha.com and
www.sitebeta.com to test the application or it will somehow persist even in production stage. If the issue it's tied to "localhost" testing, how can I simulate what I need even in a local development scenario?
My first thought was that you could always hack up your C:\Windows\System32\drivers\etc\host file and put in 2 test host names that both point to 127.0.0.1 and then in IIS create 2 different web sites that differ by those host names.
LOL Brock! I think we should get married :))) While I was in the elevator going to buy some food for tonight I had the exact same intuition but I still haven't try. The funny thing is that in all those years of developing locally I never thought of such
a solution not even for single sites/apps.
It's true that the mind is stimulated by the need! :) Thanks again
PS. I will update the topic after testing the solution (tomorrow)
Of course in IIS you have to create 2 new websites (not just new applications under the default web site) and everything works.
If you have aggressive antivirus software like me, check that they do not block this internal redirection for some reason (mine fired an alert with a bypass request)
Maybe its common practice for development but I never really needed it so I never really thought of this solution until now :)
manight
Member
59 Points
60 Posts
How to avoid shared cookies on multiple web domains accessing the same site
May 17, 2012 04:18 PM|LINK
It seems I falled in love with the State Management section of the forum :) That's just a temporary love and will pass soon I hope so don't worry.
The problem I'm facing is this: I'm developing a framework for a SaaS application wich will handle different websites using the same DB and application files. A single deployment will drive different sites. So, to be clear, accessing www.sitealpha.com and www.sitebeta.com will start two different applications in IIS, both of wich pointing at the same physical folder (C:\Inetpub\wwwroot\mybigsite).
Now I'm doing some development testing on a local machine and i have to resort to IIS default web site, so at the moment I cannot have www.site1 and www.site2 but I use http://localhost/site1 and http://localhost/site2 for testing wich are 2 different IIS applications, pointing to the same physical folder.
I have some static/shared classes wich are use as AppSettings and are initialized on App_Start and I checked they get correctly initialized in different ways based on the application (HttpRuntime.AppDomainId to select and choose the settings), so IIS is really starting 2 different application, not just sharing a single one (in wich case both apps would see the same variables in the static/shard class).
The issue I'm facing is that even if they are 2 different applications, I'm sharing the same session cookie, anonymous ID cookie (anonymous tracking is on) and authentication cookie, so that if I login in one site I get logged in the other as well.
If I look inside the browser folder for cookies I see my cookie under name@localhost so I'm wondering if this issue is due to the fact that I cannot have 2 real domains www.sitealpha.com and www.sitebeta.com to test the application or it will somehow persist even in production stage. If the issue it's tied to "localhost" testing, how can I simulate what I need even in a local development scenario?
(Working on asp.net 4 and IIS 7.5)
Thanks in advance
shared domains cookies
BrockAllen
All-Star
27532 Points
4906 Posts
MVP
Re: How to avoid shared cookies on multiple web domains accessing the same site
May 17, 2012 04:22 PM|LINK
My first thought was that you could always hack up your C:\Windows\System32\drivers\etc\host file and put in 2 test host names that both point to 127.0.0.1 and then in IIS create 2 different web sites that differ by those host names.
shared domains cookies
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
manight
Member
59 Points
60 Posts
Re: How to avoid shared cookies on multiple web domains accessing the same site
May 17, 2012 05:15 PM|LINK
LOL Brock! I think we should get married :))) While I was in the elevator going to buy some food for tonight I had the exact same intuition but I still haven't try. The funny thing is that in all those years of developing locally I never thought of such a solution not even for single sites/apps.
It's true that the mind is stimulated by the need! :) Thanks again
PS. I will update the topic after testing the solution (tomorrow)
manight
Member
59 Points
60 Posts
Re: How to avoid shared cookies on multiple web domains accessing the same site
May 18, 2012 02:15 PM|LINK
Adding the sites to C:\Windows\System32\drivers\etc\host works has expected, just add:
127.0.0.0 www.yourtestsitealpha.com
127.0.0.0 www.yourtestsitebeta.com
Of course in IIS you have to create 2 new websites (not just new applications under the default web site) and everything works.
If you have aggressive antivirus software like me, check that they do not block this internal redirection for some reason (mine fired an alert with a bypass request)
Maybe its common practice for development but I never really needed it so I never really thought of this solution until now :)