Last post Mar 10, 2010 08:37 PM by ihijazi
Mar 08, 2010 01:22 PM|ssj_costy|LINK
I have two websites (domain and subdomain), something like this: www.website.ro and
en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to
"website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
Mar 08, 2010 08:24 PM|ihijazi|LINK
Same here, except that I'm not trying to move between subdomains.
Say I've got www.example.com/login.aspx.
I got authenticated, and now I'm logged in.
Say there is a page called details.aspx, so we have http://www.example.com/details.aspx
details.aspx is only allowed to be viewed by members. If I change the URL to http://example.com/details.aspx, it redirects me to the login, and when I log in it creates a new session, so we have two sessions now. If I log out of the one without www,
I'm still logged in to the one with www.exam...
This is driving me insane!! I tried EVERYTHING that could be done. Nothing worked, and I made sure DNS for both www and www-less are pointing to the same IP, and IIS is configured right too.
Mar 09, 2010 11:01 AM|ihijazi|LINK
Well, after some research and some testing, here you go:
It is common to see a number of different sub domains from the same organization due to marketing or administrative needs, just like the following samples:
They are all third-level domains (sub domains) under the same second level domain
mysite.com. Suppose all applications have the machine key properly set up for single sign-on, as discussed in the last section. However, you’ll find out that single sign-on does not work. A user who logs into app1 at
public.mysite.com will still be required to log in at art.mysite.com and at
www.mysite.com. This is because the authentication cookie created in app1 during login has, as a default, the domain attribute of
public.mysite.com, which makes it not visible at both art.mysite.com and
To make the authentication cookie visible at all other sub domains, we need to modify the cookie’s domain attribute to point to its second-level domain –
mysite.com. The following code does just that. This modification makes the single sign-on within the second level domain,
mysite.com, a reality.
// Call the SetAuthCookie method to log in. A forms authentication cookie is created.
// The domain name in the cookie defaults to the subdomain where the application resides.
FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
// Modify the Domain attribute of the cookie to the second-level domain.
// Use the submitted user name: User.Identity is not populated until the next request.
System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(txtUserName.Text, false);
MyCookie.Domain = "mysite.com"; // the second-level domain name
Response.AppendCookie(MyCookie);
The same applies if adding or removing the "www" part.
Please mark as answer if it helped.
Enjoy :)
Mar 09, 2010 11:10 AM|ssj_costy|LINK
Well, that's exactly what I'm doing, but I use a custom authentication system.
When I login, I create a cookie with cookie.Domain = "website.com". But when I go to the other subdomain, if I do HttpCookie cookie = Request.Cookies.Get("userID") I get a NULL value!!!
So that doesn't work.
Mar 09, 2010 02:04 PM|ihijazi|LINK
When creating the cookie, add the three subdomains:
cookie.Domain = "website.com";
cookie.Domain = "www.website.ro";
cookie.Domain = "website.ro";
Of course, along with the other options, and add it to the response.
Let me know how it goes.
Mar 10, 2010 08:37 PM|ihijazi|LINK
OK, I think I might have just got you wrong. Forget about my previous replies.
1. Look, to share a cookie between multiple ASP.NET applications, as in different ones, you have to specify the same machine key for BOTH in their web.config (if yes, google the "same machine key" thing for multiple ASP.NET apps).
2. If it is the same application (one application), but you have different names (subdomains) to access it, you need to define the second-level domain name in the web.config (website.com is second level, www.website.com is third level, etc.). Ex:
<forms cookieless="AutoDetect" timeout="40" slidingExpiration="true" loginUrl="login.aspx" name="blahname" path="/" protection="All" domain="website.ro" />
Once defined, go back to your code-behind and make your cookie, ex:
// create the forms ticket (stored in a cookie)
tkt = new FormsAuthenticationTicket(1, username, DateTime.Now,
// store a cookie on the client side after we encrypt its content
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
ck.Expires = tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
// skip the Domain attribute on localhost to make your life easier during development
if (!HttpContext.Current.Request.Url.Host.Contains("localhost"))
    ck.Domain = "website.com";
// add the cookie to the response so it is sent to the client
HttpContext.Current.Response.Cookies.Add(ck);
// do whatever you want here, such as redirect.
3. For the logout, to make extra sure all is gone, use this:
I have tested the above LIVE, and it worked like a charm.
It SHOULD work out for you.
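How a browser scopes a cookie by its Domain attribute, as an added example that is not part of the original thread: a simplified form of the RFC 6265 domain-match rule, applied to the host names used in the posts. It leaves out the public-suffix check and IP-address hosts, and all function names are made up for this illustration.

```javascript
// Added example (not from the thread): simplified RFC 6265 cookie scoping.
// Assumptions: no public-suffix list, host names only (no IP addresses).

// RFC 6265 section 5.1.3: a host matches a domain if they are identical
// or the host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// What the browser stores when `setterHost` sends Set-Cookie with the given
// Domain attribute. Returns null when the cookie is rejected.
function storeCookie(setterHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, exact host match required.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatch(setterHost, domain)) return null; // setter is outside that domain
  return { domain, hostOnly: false };
}

// Whether a stored cookie is attached to a request for `requestHost`.
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Host names taken from the posts above.
const HOSTS = ["www.website.ro", "en.website.ro", "website.ro"];

// Which of those hosts see a cookie set by `setterHost` with `domainAttr`.
function visibleOn(setterHost, domainAttr) {
  const cookie = storeCookie(setterHost, domainAttr);
  return HOSTS.filter((h) => isSentTo(cookie, h));
}

for (const attr of [undefined, "website.ro", ".website.ro", "website.com"]) {
  console.log(`Domain=${attr}:`, visibleOn("www.website.ro", attr));
}
```

With Domain=website.ro the authentication cookie is sent to every host under website.ro, not only www and en, so each of those hosts handles the login ticket.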