Håkan Lindqvist
Nov 22, 2010
  8817
(2 votes)

Running multiple EPiServer sites on different ports on the same host/domain

A setup where you have multiple sites running on different ports on the same host/domain can be handy for quick deployment of sites for testing/demoing/etc and does work fine for the most part.

However, there is an issue that you will likely run into with this kind of setup for ASP.NET sites using Forms authentication: the Forms login cookie will be shared between all of the sites.

 

The reason for this behavior is that Forms authentication by default uses cookies and that the cookie mechanism in HTTP can limit the scope of cookies by domain and/or path, but not by port.

As an example, taken from a local EPiServer CMS installation, the Forms login cookie may look something like this:
Set-Cookie: .EPiServerLogin=encryptedandsignedvaluehere; path=/; HttpOnly

Which in turn means that the client is supposed to send back the cookie for subsequent requests to the same host (regardless of port) for paths under “/”.

 

The preferred solution is to assign different domain names to the different sites, but if this is not practical a possible workaround for this particular problem is to assign different names for the actual login cookie for each site (the latter solution has the downside that the different login cookies will still be sent with requests to all of the sites, just without the normal interference, so if there is any kind of trust issues between the different sites this is not the way to go).


Changing the name of the login cookie is done by changing the name attribute of the configuration/system.web/authentication/forms element in web.config.

Please see http://msdn.microsoft.com/en-us/library/1d3t3c61.aspx for further information on the Forms authentication configuration.

Nov 22, 2010

Comments

tost
tost Nov 23, 2010 01:17 AM

Nice one Håkan! Personally I always set up my local sites with hostnames, bind them all to port 80 and map them in the hosts file. I usually give them names with "local" top level domain, e.g. http://demo.local. But if you for some reason can't do this, your solution is awesome.

Please login to comment.
Latest blogs
Custom form element view in Optimizely CMS 12

Do you want full control over the form element markup? Create your own views!

Tomas Hensrud Gulla | Dec 11, 2024 | Syndicated blog

How to Elevate Your Experimentation - Opticon workshop experience

As a non-expert in the field of experimentation, I’d like to share my feedback on the recent Opticon San Antonio workshop session titled "How to...

David Ortiz | Dec 11, 2024

Persisting a Strawberry Shake GraphQL Client for Optimizely's Content Graph

A recent CMS project used Strawberry Shake to generate an up-to-date C# GraphQL client at each build. But what happens to the build if the GraphQL...

Nicholas Sideras | Dec 11, 2024 | Syndicated blog

Opti ID with Secure Cookies And Third Party AddOns

Opti ID has revolutionised access to the Optimizely One suite and is now the preferred authentication method on all PAAS CMS websites that I build....

Mark Stott | Dec 9, 2024