Subdomain cookie

Sep 20, 2013 at 6:44 PM
Hi,

I'm using subdomains (via custom routes) for the same application and am not able to share the .AspNet.Application session cookie between the subdomain and the primary domain.

In the web.config I set <httpcookies domain=".mydomain.com" /> but it doesn't seem to have any effect on the .AspNet.Application cookie. I am able to share the _RequestVerificationToken cookie between subdomain and primary, but not the .AspNet.Application. I think this one is generated by Owin and it's using the domain "mydomain.com" rather than ".mydomain.com." I can't figure out how to set the domain for this cookie or where it's getting set.

Any help is appreciated!

Thanks,
Jason
Coordinator
Sep 20, 2013 at 9:02 PM
Have you tried CookieAuthenticationOptions.CookieDomain?
Sep 20, 2013 at 9:16 PM
Yes; that didn't seem to change it. I really just want to use app.UseSignInCookies() default implementation but specificy ".mydomain.com" instead of whatever it's using by default (which doesn't seem to work in a subdomain setup).

Thanks for responding back so quickly.

Regards,
Jason
Sep 27, 2013 at 2:17 PM
A short example/snippet would be greatly appreciated!

-J
Coordinator
Sep 27, 2013 at 3:11 PM
I believe the UseSignInCookies extension method is going away in the release version. The template should be using UseCookieAuthenticatuon with a new CookieAuthenticationOptions parameter, so that's where you will set the CookieDomain property