If you haven't configured at least one of the two applications to use a non-default cookie name, they will both try to use the same cookie name ".ASPXAUTH", and if by "on the same server" you mean they are accessed using the same hostname, then logging into one will overwrite the cookie of the other.
Try overriding the cookie name in your Web.config, something like this:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".FOOASPXAUTH" />
</authentication>
And in the other application:
<authentication mode="Forms">
<forms loginUrl="login.aspx" name=".BARASPXAUTH" />
</authentication>