We use ASP.NET and IIS 6.0. I understand that the definitions of applications, websites, and virtual directories are not defined in IIS 6 and vary greatly in IIS 7. However, I am stuck in IIS 6.0 at the moment.
We have one website defined in IIS and several separate sub-sites in virtual directories.
The diagram looks like this: -
http://site.example.com/site1 http://site.example.com/site2 .. etc ..
site1, site2, ... are virtual directories in IIS 6.0 under the "Default Web Site".
I need to use ASP.NET sessions and form authentication on most of these sites, and I do not want them to share authentication information or session information at all.
Both mechanisms are currently cookie dependent. However, the cookies created by default use the same name and have a path to "/" in the browser, that is, the cookies of the sites will conflict with each other.
Without changing the default name for each cookie, how can I ensure separation between my sub sites? Do I need to change virtual directories for IIS 6 "Applications"? Or is there some way in the code to provide a more limited area for cookies?
Thanks in advance.
source share