find a location for property in a new city

Wednesday 6 October 2010

ASP.NET Authentication cookie not persisting across servers and subdomains

Recently some internal users have started complaining about being sporadically logged out and having to log in again when accessing a different server or different sub domain. It seems like the ASP.NET security cookie is not being persisted between live production servers and development servers.

I noticed a pattern to the seemingly spurious logging out and having to log in again:

  • Log in on live or if you are already logged in. Fine.
  • Log in on your development machine. (Oh that's weird, I thought I was logged in... but okay maybe I wasn't). Fine.
  • Refresh your page on the live site and I need to login again.

Why won't my cookie persist?! Why am I being logged out?

This has started happening since the recent ASP.NET security fix was put on our servers. Apparently it is something to do with changing the necessary authentication cookie. I guess in case you were already exploited before the security fix went out. Anyway, if you are swapping between non-patched development servers and patched production servers you're cookie will NOT persist and you will be asked to log in again if authentication or authorization is demanded by your page.

So either:
  1. Install the patch on all servers as per the ASP.NET team's advice
  2. OR be content with the fact that your customers won't have the problem. (Unless you have both patched and non-patched servers in your web farm)

Follow britishdev on Twitter


  1. Thanks so much for this info! Wish I saw this page 5 hours earlier =D


  2. فني صحي
    نقل عفش الكويت شركة نقل عفش بالكويت
    فني صحي الكويت فنى صحى بالكويت
    شركة تسليك مجارى الكويت تنكر سحب مجاري الكويت
    سباك الكويت سباك صحي بالكويت

    شركة تنظيف الكويت افضل شركة تنظيف الكويت
    شركة غسيل سجاد الكويت شركة غسيل سجاد الكويت
    شركة تنظيف الجهراء شركة تنظيف منازل بالجهراء

  3. It is worth noting that even in areas such as software development and everything related to IT, you need a qualified HR specialist who can develop a team and hire new employees. Sometimes companies choose outsourced HR services because they do not want to hire a person for a permanent job. And this approach is the best choice for many.