This project has moved. For the latest updates, please go here.

Subdomain cookie

Sep 20, 2013 at 6:44 PM

I'm using subdomains (via custom routes) for the same application and am not able to share the .AspNet.Application session cookie between the subdomain and the primary domain.

In the web.config I set <httpcookies domain="" /> but it doesn't seem to have any effect on the .AspNet.Application cookie. I am able to share the _RequestVerificationToken cookie between subdomain and primary, but not the .AspNet.Application. I think this one is generated by Owin and it's using the domain "" rather than "" I can't figure out how to set the domain for this cookie or where it's getting set.

Any help is appreciated!

Sep 20, 2013 at 9:02 PM
Have you tried CookieAuthenticationOptions.CookieDomain?
Sep 20, 2013 at 9:16 PM
Yes; that didn't seem to change it. I really just want to use app.UseSignInCookies() default implementation but specificy "" instead of whatever it's using by default (which doesn't seem to work in a subdomain setup).

Thanks for responding back so quickly.

Sep 27, 2013 at 2:17 PM
A short example/snippet would be greatly appreciated!

Sep 27, 2013 at 3:11 PM
I believe the UseSignInCookies extension method is going away in the release version. The template should be using UseCookieAuthenticatuon with a new CookieAuthenticationOptions parameter, so that's where you will set the CookieDomain property