0

There are two different websites that people use, let's call them A and B. Now, as far as login page goes, A and B are nearly identical in design, but the user account logins for A and B are stored in separate datatables and information is different. When someone logs into A, IE will store their info in a cookie and will call it when going on B, even though they are not the same. Nowhere in the login web forms can I find code for generating the cookie, so I am assuming that everything is done within IE. I found the file 'index.dat' that supposedly stores all of IE's cookies in each user's AppData folder, but I do not know how to access it, let alone change the way IE stores the cookies.

My goal is for IE to have distinct cookies for A and B.

Jackery Xu
  • 386
  • 2
  • 5
  • 19
  • 1
    If you're doing a typical forms auth ASP.NET application, then the auth cookies are generated server-side and sent to the client in the login response. – Jacob Mar 25 '13 at 15:53
  • IE just stores cookies... cookies themselves are generated by the server and sent in HTTP header to client! – Yahia Mar 25 '13 at 15:53
  • Where can I find the code that generates these cookies? – Jackery Xu Mar 25 '13 at 15:55
  • @Yahia, Is that correct? Can't JavaScript generate cookies client-side? – Ash Burlaczenko Mar 25 '13 at 15:55
  • @AshBurlaczenko: Javascript can generate cookies client-side. Yahia is probably referring to the asp.net membership items – NotMe Mar 25 '13 at 15:57
  • If you need A and B to be in the same domain, you could try this answer: http://stackoverflow.com/a/5403817/119549 – Jacob Mar 25 '13 at 15:59
  • @AshBurlaczenko yes it is possible to generate cookies client-side (for example with javascript)... usually they are created server-side... IE itself (or any other browser) does NOT generate cookies as implied by the OP... – Yahia Mar 25 '13 at 15:59

3 Answers3

3

Place the sites on different domains. If the sites share a domain, they will see each other's cookies. You can't change this. It's how cookies work.

spender
  • 117,338
  • 33
  • 229
  • 351
2

So I suppose you want to change default asp.net forms authentication cookie names to something else.

Something like this in web.config:

 <authentication mode="Forms">
    <forms name="myCustomCookieForApp1" ... />
  </authentication>

You can read up here: http://msdn.microsoft.com/en-us/library/ff647070.aspx

driushkin
  • 3,531
  • 1
  • 24
  • 25
0

The only way IE will send the cookie for A to B is if they are on the same domain and you haven't configured the login mechanism to limit the cookie to your subdomain.

See sub-domain cookies, sent in a parent domain request?

Community
  • 1
  • 1
NotMe
  • 87,343
  • 27
  • 171
  • 245