NetTalk Central

Author Topic: [Edit] Session/Logged In Issue with multiple servers on same domain  (Read 11880 times)

Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Hi Folks/Bruce,

I have two sites on the "mydomain.com" domain.

Site A - Intranet (www.mydomain.com), logging in
Site B - Intranet (https://subdomain.mydomain.com:88), logging in

1. Visit Site A, log in.
2. New tab on browser (chrome, firefox, IE), visit Site B, log in.
3. Return to Site A, have been logged out.

It seems like when I visit one or the other sites after visiting the other, the Session is cleared somehow?

Grateful for any wisdom/experience on this matter.

Cheers.
« Last Edit: March 16, 2014, 07:09:54 PM by Stu »
Cheers,

Stu Andrews

Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #1 on: March 16, 2014, 07:10:27 PM »
** Edited above after doing some more testing revealed it's having 2 being logged in at the same time (not just visiting a public site).
Cheers,

Stu Andrews

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11321
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #2 on: March 16, 2014, 11:17:41 PM »
The subdomains share the same cookies.
Which means they'll all be using the same SessionID cookie.
If you have "change Session on Login or Logout" set on (WebServer Security tab) then I could definitely see this effect happening.

cheers
Bruce


Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #3 on: March 17, 2014, 02:03:27 PM »
Hey Bruce,

Okay, thanks for the info.

Can I change the way the cookies work then? Make them unique for a sub-domain?
Cheers,

Stu Andrews

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11321
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #4 on: March 18, 2014, 06:17:35 AM »
I need to look into this a bit further. The short answer seems to be yes.

Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #5 on: March 18, 2014, 01:42:10 PM »
Awesome. Thanks Bruce.
Cheers,

Stu Andrews

Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #6 on: September 13, 2016, 06:16:33 PM »
Hey Bruce,

I know this is a couple of years back, the post, but have been testing a new website that while in testing is on the same sub-domain as our intranet, and unless I use different browsers / incognito (which is fine, am happy to do this), I get logged out of the intranet.

Back then you were talking about the possibility of cookies being different per sub domain.

However, what's happening at the moment is that the servers are on the same sub-domain, it's just that the PORT numbers are different.

So.

QUESTION 1: Would the "Bind Session to IP Address" option in the Webserver template also take the port number into consideration? (easy enough for me to test, which I'm doing now)

[Edit] Didn't seem to recognise the port in testing, so probably not a question that needs asking.

QUESTION 2: If not, is there any way we could have the option to put a custom prefix/suffix on cookie names in the webserver template, to help out differentiate between two servers on the same domain/subdomain but different ports?

Cheers!
« Last Edit: September 13, 2016, 06:33:03 PM by Stu »
Cheers,

Stu Andrews

peterH

  • Sr. Member
  • ****
  • Posts: 413
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #7 on: September 13, 2016, 11:57:28 PM »
Hi Stu / Bruce,

I'd be very interested in a solution to this as I'm seing the same problem (being logged out)
I've got a second server on the same domain - using a different port - to do admin tasks and it doesn't play well at all  :(

Peter

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11321
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #8 on: September 14, 2016, 11:18:37 PM »
It's worth seeing this from the browser point of view in order to understand what is, and is not, possible.

Firstly, I'm not sure if this was common knowledge, but you can do cookies by sub-domains now, there's a FOLDER setting for that. (Although I'm not sure that's been applied to session cookies.)

A good reference to understand cookies is https://en.wikipedia.org/wiki/HTTP_cookie and of particular interest to this discussion is https://en.wikipedia.org/wiki/HTTP_cookie#Implementation

From that you'll see that the IP address, and port number, play no part in cookies. They are differentiated solely on the domain, subdomain, and possibly folder.

So the short answer Stu - no it's not possible to separate cookies by port number. While you may run the servers on different ports it's recommended that you add a sub-domain pre additional port and perhaps just do a redirect to that subdomain when using the server on the other port.

Sorry.
Cheers
Bruce



Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #9 on: September 15, 2016, 04:15:44 PM »
Thanks Bruce.

So, just because I'm thick-headed and maybe not reading this right - There's no way to prepend or append a piece of text to a cookie-name on the server level, so we could have server-specific cookies?
Cheers,

Stu Andrews

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11321
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #10 on: September 16, 2016, 03:27:01 AM »
Hi Stu,

so you're thinking along the lines of having _2_ cookies,
SessionIDA
and
SessionIDB
so although the servers share the same _domain_ they only use "their" session cookie, and ignore the other one?

That's a creative approach which I support might work. I would need to think about this...

Cheers
Bruce

Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #11 on: September 19, 2016, 01:57:23 AM »
Yes!

Fantastic, keep thinking :) This would be very very cool.
Cheers,

Stu Andrews

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11321
    • View Profile
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #12 on: September 20, 2016, 01:33:45 AM »
In 9.14 I've added a new property (SessionIDName) that you can set in webhandler in the ProcessRequest method, before the parent call.

example
p_web.SessionIDName = 'SessionIDA'

Be sure you embed that in ProcessRequest, before the parent call, not in ProcessLink.

I would recommend against changing the default, except in very specific cases such as the one you described.

Cheers
Bruce


Stu

  • Hero Member
  • *****
  • Posts: 510
    • View Profile
    • Email
Re: [Edit] Session/Logged In Issue with multiple servers on same domain
« Reply #13 on: September 20, 2016, 02:13:04 AM »
That's really cool Bruce, thank you.

What would be the dangers in changing this?
Cheers,

Stu Andrews