1

I am currently using asp.net membership database on multiple apps. I am not looking for single sign on function. My desire is to be able to logged in at the same time on multiple apps.

But currently, when I log into one app, the other one is logged out instantly. I think the apps issues some kind of Token inside the database so when I log into one app, the other one logs out.

How can I get around this thing?

tugberk
  • 57,477
  • 67
  • 243
  • 335
  • If it is acceptable to you using the same application id across apps should solve your problem. – faester Jun 25 '11 at 12:45
  • @faester hmm, that's logical. Only downside is that I have never done that before. exactly how can we do that? – tugberk Jun 25 '11 at 13:26

1 Answers1

3
  • Do your applications share a machineKey?
  • Do they all target the same membership database?
  • Do they share one cookie domain?

Here's part of how I implement it

<httpCookies domain=".domain.com.ar"/>

<authentication mode="Forms">
  <forms defaultUrl="~/" loginUrl="~/login" timeout="43200" protection="All" domain=".domain.com.ar" cookieless="UseCookies" />
</authentication>

And my membership, roleManager, and profile providers all target the same databases.
Do this in every application, of course.

Note: I know, I know. The machineKey article is deprecated, but it still has a very valid C# example of how you should generate your machineKey.

They should be formatted like so:

<machineKey validationKey="128 hexadecimal characters" validation="SHA1"
            decryptionKey="64  hexadecimal characters" decryption="AES" />
bevacqua
  • 47,502
  • 56
  • 171
  • 285
  • here are the answers : **Do your applications share a machineKey?** yes, but I believe they are not the same. | **Do they all target the same membership database?** certainly yes. | **Do they share one cookie domain?** some of them on the same domain level and some of them others. here is an three example url *www.example.com, sale.example.com, www.example1.com* – tugberk Jun 25 '11 at 13:41
  • If they are not the same, they aren't sharing one, they all just happen to have one. On the cookies end: you should try having at least `example.com` and `sale.example.com` use the `.example.com` domain. I'm not sure how it'd behave on `example1.com`, but you could give it a shot. – bevacqua Jun 25 '11 at 13:44
  • you are right but the apps are sort of old and it is really hard for me to move them all instantly. so, I shouldn't add `` thing then, should I? – tugberk Jun 25 '11 at 13:56
  • Why not? I didn't mean you should *move* anything, that tag is supposed to set a cookie domain in common for all your applications. – bevacqua Jun 25 '11 at 14:43
  • that's weird. the app who sits on **example.com** can use the cookies of **example1.com**? – tugberk Jun 25 '11 at 15:19
  • I'm not sure on that count, you could try.. I meant on `example.com` – bevacqua Jun 25 '11 at 15:42