I have two ASP.net MVC applications say a.xyz.com/Customer and a.xyz.com/CustomerTest.
I have implemented cookie-based FormsAuthentication. Name of Auth cookie (AUTH and AUTHTEST) is different in both the Applications. Problem is that when I browse the applications in same browser, Session Cookies are available in both the apps. Also when I Abandon session in one application, second application's session abandons as well.
Both applications are running under same app pool. I cannot change the app Pool as they are having rewrite rules also which will not be available if I change the app pool.
I don't want to share the session between these two applications.
Please let me know if it is possible and How?
It is done.
I have changed the session cookie name of both the Applications in sessionState.
<sessionState mode="InProc" cookieless="false" timeout="60" cookieName="PRODSession" />
<sessionState mode="InProc" cookieless="false" timeout="60" cookieName="TestSession" />
Related
I have migrated a website from IIS 7 on MS Server 2008 to IIS 10 on MS Server 2019 and I am unable to set the session state cookie.
I've configured the Session State feature in IIS at the app pool level and at the site level to use InProc for session state, with a named cookie. I've also tried to add this configuration into the web.config file directly.
This is the section of the web.config I have set:
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Account/Login" name=".MYSITEAUTH" protection="All" slidingExpiration="true" />
</authentication>
A cookie is being set on the client, but not with the .MYSITEAUTH property of the user.
This is the config of IIS for the site's Session State:
My hypothesis is that this is a configuration issue due to the same code and database not working on two different machines with the same web.config..?
Does anyone have any good steps to follow to enable asp.net session cookies on the client or any gotchas for setting this up in IIS 10 with Server 2019? No idea why this could be any different to the existing configuration but it is certainly something to do with IIS pushing out cookies.
Thanks!
When application is deployed on server and accessed from the client, the session variables are blank
If IsNothing(Session("Order")) Then is always returning true.
The session variables have values when tested on the development machine.
This is the entry in web.config
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="true" timeout="60" />
When are you setting the session? Also, is this hosted? Some 3rd party hosts recycle worker processes/application pools constantly and it kills your session. Make sure you have your own application pool as well. Also, cookieless could be a problem for you.
I am building a simple asp.net mvc3 application using Form authentication. After publishing it to IIS 7.5, I find that even after I restart the application pool for my web site(stop it and then start). A logined user doesn't need to re-login. That's not what I expect and I don't remember I had configured the cookie to be persistent.
I use the simple asp.net mvc3 web application template and haven't done much thing to config authentication. Below is some codes related to authentication:
in web.config:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
in LogOn action:
FormsAuthentication.SetAuthCookie(userName, false);
I think I have got your answer, cookie is set at client side and resetting server IIS will not destroy the cookie as it is not available on server. You can set cookie expiration time and it will get destroy at client side.I hope this clears the situation.
I am running a discussion website. The problem that is coming is that after sometime session automatically expires. I am hosting my website on a shared server and doesn't have access to the settings of extending expiry time in IIS. So is there any way I can do that using web.config?
And also I enabled basic authentication on the server and using default authentication in my website, means I didn't gave any authentication mode in configuration file. So are they same?
Yes, this is possible:
<configuration>
<system.web>
<sessionState timeout="x" />
<system.web>
</configuration>
Where x is the desired session timeout in minutes.
You can manage session timeout using web.config
Sessionstate timeout property is mentioned in minutes.
In webconfig file...
<system.web>
<sessionState timeout="1440"></sessionState>
</system.web>
I need to know the procedure to use asp.net session state server for session.
Please help.
You need to:
Start the stat session windows service
Add the following entry to your web.config file:
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="UseCookies" timeout="10" regenerateExpiredSessionId="true" />
Configure the values in the above entry according to this
Note that if you used to use the inProc sessions before, you will not be able to store non serializable objects in session anymore.
Here's a very good article on Code Project which will step-by-step guide you how to do this..
http://www.codeproject.com/KB/aspnet/ExploringSession.aspx