两套一样的代码搭建两个站点，共用一个应用程序池导致站点互踢的问题

给其中一个站点增加如下的name配置。这个name会作为站点身份验证信息的HttpCookie的name

 

 

 

另一个站点不指定(也可以指定为另外一个名字)。如果不指定，默认都是.ASPXAUTH

 

ASP.Net_SessionId/ASPXAUTH相关信息：

https://stackoverflow.com/questions/23758704/asp-net-sessionid-vs-aspxauth-why-do-we-need-both-of-them/23759403

The ASP.Net_SessionId identifies the session for that users request. A different user will submit a different cookie and thus Session["FirstName"] will hold a different value for that different user.

ASPXAUTH is a cookie to identify if the user is authenticated (that is, has their identity been verified). For example, a controller action may determine if the user has provided the correct login credentials and if so issue a authentication cookie using:

FormsAuthentication.SetAuthCookie(username, false);

Then later you can check if the user is authorised to perform an action by using the [Authorize] attribute which checks for the presence of the ASPXAUTH cookie.

So in summary, the cookies are there for 2 different purposes. One to determine the users session state and one to determine if the user is authenticated.

 

https://stackoverflow.com/questions/423467/what-is-aspxauth-cookie
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];//.ASPXAUTH
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);