Håkan Lindqvist
Nov 22, 2010
  7921
(2 votes)

Running multiple EPiServer sites on different ports on the same host/domain

A setup where you have multiple sites running on different ports on the same host/domain can be handy for quick deployment of sites for testing/demoing/etc and does work fine for the most part.

However, there is an issue that you will likely run into with this kind of setup for ASP.NET sites using Forms authentication: the Forms login cookie will be shared between all of the sites.

 

The reason for this behavior is that Forms authentication by default uses cookies and that the cookie mechanism in HTTP can limit the scope of cookies by domain and/or path, but not by port.

As an example, taken from a local EPiServer CMS installation, the Forms login cookie may look something like this:
Set-Cookie: .EPiServerLogin=encryptedandsignedvaluehere; path=/; HttpOnly

Which in turn means that the client is supposed to send back the cookie for subsequent requests to the same host (regardless of port) for paths under “/”.

 

The preferred solution is to assign different domain names to the different sites, but if this is not practical a possible workaround for this particular problem is to assign different names for the actual login cookie for each site (the latter solution has the downside that the different login cookies will still be sent with requests to all of the sites, just without the normal interference, so if there is any kind of trust issues between the different sites this is not the way to go).


Changing the name of the login cookie is done by changing the name attribute of the configuration/system.web/authentication/forms element in web.config.

Please see http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx for further information on the Forms authentication configuration.

Nov 22, 2010

Comments

tost
tost Nov 23, 2010 01:17 AM

Nice one Håkan! Personally I always set up my local sites with hostnames, bind them all to port 80 and map them in the hosts file. I usually give them names with "local" top level domain, e.g. http://demo.local. But if you for some reason can't do this, your solution is awesome.

Please login to comment.
Latest blogs
Optimizely community meetup - Sept 29 (virtual + Melbourne)

Super excited to be presenting this Thursday the 29th of September at the Optimizely community meetup. For the full details and RSVP's see the...

Ynze | Sep 27, 2022 | Syndicated blog

Preview multiple Visitor Groups directly while browsing your Optimizely site

Visitor groups are great - it's an easy way to add personalization towards market segments to your site. But it does come with it's own set of...

Allan Thraen | Sep 26, 2022 | Syndicated blog

The Report Center is finally back in Optimizely CMS 12

With Episerver.CMS.UI 12.12.0 the Report Center is finally re-introduced in the core product.

Tomas Hensrud Gulla | Sep 26, 2022 | Syndicated blog

Dynamic Route in ASP.NET Core When MapDynamicControllerRoute Does Not Work

Background Creating one of the add-on for Optimizely I had to deal with challenge to register dynamically route for the API controller. Dynamic rou...

valdis | Sep 25, 2022 | Syndicated blog