Click here to Skip to main content
15,939,960 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I currently have 3 websites deployed on my companies intranet using IIS 10 on the same server. Server is running Windows 10 PRO

Users access the app using a link to the app say
App1 -
App2 -
App3 -

All apps have login pages and store cookies on the browser.
The problem is when these cookies are created for all the 3 apps in the same browser all 3 apps cookies are visible to all of the apps. Which is bad?

How do I hide App1 cookies from App2 & App3 and App2 cookies from App1 & App3 and App3 cookies from App1 & App2

I am not using HTTPS/SSL in any of the Apps. But some cookies are not readable via javascript.

The real issue is that when logging out of the apps all the cookies of all apps get cleared when logging out of any app.

Kindly help

What I have tried:

Nothing as much waiting for some suggestion from community
Updated 11-Apr-19 3:03am
F-ES Sitecore 11-Apr-19 12:15pm    
I don't think what is happening is what you think is happening. If your sites are using different ports then they won't share cookies. If you log in to all three sites in the same browser and logout on one, the others are probably logging out from inactivity rather than anything to do with cookies.

Maybe you could use a GUID in each app to uniquely identify the app-specific cookie instead of the userID.
Share this answer
Set the Cookie.Path to match each app path?
Share this answer
if you are using forms authentication,
in each app's web.config set unique cookie name as follows:

<authentication mode="Forms">
  <forms name=".CookieName" loginUrl="LoginPage.aspx" />
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900