I have two websites (domain and subdomain), something like this: www.website.ro and
en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to
"website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
Same here.. except that i'm not trying to move between subdomains.
say i got www.example.com/login.aspx
got authenticated, and now i'm logged in
say there is a page called details.aspx.. so we have http://www.example.com/details.aspx
details.aspx is only allowed to be viewed by members.. if i renamed the url to http://example.com/details.aspx, it redirects me to the login.. and when i login it creates new session.. so we have two sessions now. if i logout out of the one without www,
i'm still logged in the one with www.exam...
This is driving me insane!! I tried EVERYTHING that could be done. nothing worked.. and made sure dns for both www and wwwless are pointing to the same IP.. and IIS is configured right too..
Well after some researches and some testing here you go:
It is common to see a number of different sub domains from the same organization due to marketing or administrative needs, just like the following samples:
http://public.mysite.com/app1/default.aspx
http://art.mysite.com/app2/default.aspx
http://www.mysite.com/app3/default.aspx
They are all third-level domains (sub domains) under the same second level domain
mysite.com. Suppose all applications have the machine key properly set up for single sign-on, as discussed in the last section. However, you’ll find out that single sign-on does not work. A user who logs into app1 at
public.mysite.com will still be required to log in at art.mysite.com and at
www.mysite.com. This is because the authentication cookie created in app1 during login has, as a default, the domain attribute of
public.mysite.com, which makes it not visible at both art.mysite.com and
www.mysite.com.
To make the authentication cookie visible at all other sub domains, we need to modify the cookie’s domain attribute to point to its second-level domain –
mysite.com. The following code does just that. This modification makes the single sign-on within the second level domain,
mysite.com, a reality.
//call SetAuthCookie method to log in. A forms authentication cookie is created. // Domain name in the cookie defaults to the subdomain where the application resides FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
//modify the Domain attribute of the cookie to the second level domain System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), false); MyCookie.Domain = “mysite.com”;//the second level domain name Response.AppendCookie(MyCookie);
The above same applies to if adding or removing the "www" part.
Well, that's exactly what I'm doing, but I use a custom authentication system.
When I login, I create a cookie with cookie.Domain = "website.com". But when I go to the other subdomain, if I do HttpCookie cookie = Request.Cookies.Get("userID") I get a NULL value!!!
Ok, I think I might just got you wrong. Forget about my previous replies
1. Look, to share a cookie between multiple asp.net applications, as in different ones. you have to specify the machine key the same for BOTH in their web.config (if yes, google the "same machine key" thing for multiple asp.net app)
2. If it is the same application (one application), but you have different names (subdomains) to access it, you need to define the second level domain name in the web.config (website.com is second level, www.website.com is third level, etc..). ex:
<forms cookieless="AutoDetect" timeout="40" slidingExpiration="true" loginUrl="login.aspx" name="blahname" path="/" protection="All" domain="website.ro">
Once defined, go back to yout code behid and make ur cookie, ex:
//create the forms tickets (a cookie)
tkt = new FormsAuthenticationTicket(1, username, DateTime.Now,
bindTime, persist,
myName);
//store a cookie at the clients side after we encrypt it's content
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (persist)
ck.Expires = tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
if (!HttpContext.Current.Request.Url.Host.Contains("localhost")) //this check to make ur life easier on development
{
ck.Domain = "website.com";
}
myHTTPcontext.Response.Cookies.Add(ck);
//do whatever u want here, such as redirect.
3. For the logout, to extra make sure all is gone, use this:
FormsAuthentication.SignOut();
Roles.DeleteCookie();
Session.Clear();
Response.Redirect("default.aspx", true);
I have tested the above LIVE. and it worked like a charm.
ssj_costy
0 Points
24 Posts
Can't share cookie between domain and subdomain
Mar 08, 2010 12:22 PM|LINK
Hi,
I have two websites (domain and subdomain), something like this: www.website.ro and en.website.ro and I am trying to share a cookie between them. I have set the cookie domain to "website.ro", I tried setting it to ".website.ro", but it doesn't work. I can only read the cookie in the website that created it.
ihijazi
Member
26 Points
4 Posts
Re: Can't share cookie between domain and subdomain
Mar 08, 2010 07:24 PM|LINK
Same here.. except that i'm not trying to move between subdomains.
say i got www.example.com/login.aspx
got authenticated, and now i'm logged in
say there is a page called details.aspx.. so we have http://www.example.com/details.aspx
details.aspx is only allowed to be viewed by members.. if i renamed the url to http://example.com/details.aspx, it redirects me to the login.. and when i login it creates new session.. so we have two sessions now. if i logout out of the one without www, i'm still logged in the one with www.exam...
This is driving me insane!! I tried EVERYTHING that could be done. nothing worked.. and made sure dns for both www and wwwless are pointing to the same IP.. and IIS is configured right too..
ANYONE?
ihijazi
Member
26 Points
4 Posts
Re: Can't share cookie between domain and subdomain
Mar 09, 2010 10:01 AM|LINK
Well after some researches and some testing here you go:
It is common to see a number of different sub domains from the same organization due to marketing or administrative needs, just like the following samples:
They are all third-level domains (sub domains) under the same second level domain mysite.com. Suppose all applications have the machine key properly set up for single sign-on, as discussed in the last section. However, you’ll find out that single sign-on does not work. A user who logs into app1 at public.mysite.com will still be required to log in at art.mysite.com and at www.mysite.com. This is because the authentication cookie created in app1 during login has, as a default, the domain attribute of public.mysite.com, which makes it not visible at both art.mysite.com and www.mysite.com.
To make the authentication cookie visible at all other sub domains, we need to modify the cookie’s domain attribute to point to its second-level domain – mysite.com. The following code does just that. This modification makes the single sign-on within the second level domain, mysite.com, a reality.
<div id="premain3" style="width: 100%; cursor: pointer;">Collapse</div>www authenicate domains sub domains
ssj_costy
0 Points
24 Posts
Re: Can't share cookie between domain and subdomain
Mar 09, 2010 10:10 AM|LINK
Well, that's exactly what I'm doing, but I use a custom authentication system.
When I login, I create a cookie with cookie.Domain = "website.com". But when I go to the other subdomain, if I do HttpCookie cookie = Request.Cookies.Get("userID") I get a NULL value!!!
So that doesn't work.
ihijazi
Member
26 Points
4 Posts
Re: Can't share cookie between domain and subdomain
Mar 09, 2010 01:04 PM|LINK
when creating the cookie, add the three subdomains:
cookie.Domain = "website.com";
cookie.Domain = "www.website.ro";
cookie.Domain = "website.ro";
of course along the other options.. and add to the response.
Let me know how it goes.
ihijazi
Member
26 Points
4 Posts
Re: Can't share cookie between domain and subdomain
Mar 10, 2010 07:37 PM|LINK
Ok, I think I might just got you wrong. Forget about my previous replies
1. Look, to share a cookie between multiple asp.net applications, as in different ones. you have to specify the machine key the same for BOTH in their web.config (if yes, google the "same machine key" thing for multiple asp.net app)
2. If it is the same application (one application), but you have different names (subdomains) to access it, you need to define the second level domain name in the web.config (website.com is second level, www.website.com is third level, etc..). ex: <forms cookieless="AutoDetect" timeout="40" slidingExpiration="true" loginUrl="login.aspx" name="blahname" path="/" protection="All" domain="website.ro">
Once defined, go back to yout code behid and make ur cookie, ex:
//create the forms tickets (a cookie) tkt = new FormsAuthenticationTicket(1, username, DateTime.Now, bindTime, persist, myName); //store a cookie at the clients side after we encrypt it's content cookiestr = FormsAuthentication.Encrypt(tkt); ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr); if (persist) ck.Expires = tkt.Expiration; ck.Path = FormsAuthentication.FormsCookiePath; if (!HttpContext.Current.Request.Url.Host.Contains("localhost")) //this check to make ur life easier on development { ck.Domain = "website.com"; } myHTTPcontext.Response.Cookies.Add(ck); //do whatever u want here, such as redirect. 3. For the logout, to extra make sure all is gone, use this: FormsAuthentication.SignOut(); Roles.DeleteCookie(); Session.Clear(); Response.Redirect("default.aspx", true);I have tested the above LIVE. and it worked like a charm.
It SHOULD work out for you.
Enjoy :)
authenicate sub domains multiple domain