9
votes

I have a website which has subdomains such as ali.sarahah.com, but if a user logs in from www.sarahah.com and then goes to ali.sarahah.com, the session is not saved. After searching, I added the following in Startup.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieDomain = ".sarahah.com"
});

I found out that the .AspNetCore.Identity.Application cookie domain is still showing the subdomain and not the domain, and that the session problem is still there.

Am I doing something wrong?


3 Answers

7
votes

I think you need to remove the leading . in the domain assignment as detailed in this GitHub issue:

app.UseCookieAuthentication(
    new CookieAuthenticationOptions
    {
        // Note that there is no leading .
        CookieDomain = "sarahah.com",
        CookieSecure = CookieSecurePolicy.None
    });

See the CookieAuthenticationOptions for the various properties.

2
votes

I was able to solve it by adding this to ConfigureServices method in Startup.cs:

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    // Scope the Identity application cookie to the parent domain
    options.Cookies.ApplicationCookie.CookieDomain = ".yourdomain.com";
    // None: the Secure flag is never set on the cookie
    options.Cookies.ApplicationCookie.CookieSecure = Microsoft.AspNetCore.Http.CookieSecurePolicy.None;
});

The CookieSecure part is because my site moves between http and https in different pages.

Thank you :)

2
votes

In case someone is looking for a solution to this problem using ASP.NET Core 2.0: you can set the cookie domain via the CookieAuthenticationOptions in your ConfigureServices method when adding the authentication services.

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.Cookie.Domain = ".yourdomain.com";
        });
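
Added example, not part of any answer above: a simplified JavaScript model of RFC 6265 cookie scoping. It shows why a cookie set by www.sarahah.com without a Domain attribute never reaches ali.sarahah.com, that a browser following RFC 6265 stores ".sarahah.com" and "sarahah.com" identically, and that a cookie without the Secure flag (what CookieSecurePolicy.None produces) is also sent over plain http to every subdomain. The function names and cookie objects are constructed for illustration; public-suffix, path and IP-address checks are left out.

```javascript
// Simplified model of RFC 6265 cookie scoping (illustration only, not ASP.NET code).
// Hostnames come from the thread; the cookie objects are constructed samples.

// RFC 6265 section 5.2.3: a leading "." in the Domain attribute is dropped.
function normalizeDomain(attr) {
  const d = attr.trim().toLowerCase();
  return d.startsWith(".") ? d.slice(1) : d;
}

// RFC 6265 section 5.1.3: identical, or a suffix that starts on a label boundary.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Build the stored cookie as a browser would after a Set-Cookie from setterHost.
function storeCookie(setterHost, { domain, secure = false } = {}) {
  const host = setterHost.toLowerCase();
  // No Domain attribute: host-only cookie, returned to the exact setter host only.
  if (!domain) return { domain: host, hostOnly: true, secure };
  const d = normalizeDomain(domain);
  // The setter must itself domain-match the attribute, or the cookie is rejected.
  if (!domainMatches(host, d)) return null;
  return { domain: d, hostOnly: false, secure };
}

// Would the browser attach the cookie to a request for url?
function isSent(cookie, url) {
  const { hostname, protocol } = new URL(url);
  if (cookie.secure && protocol !== "https:") return false;
  return cookie.hostOnly ? hostname === cookie.domain
                         : domainMatches(hostname, cookie.domain);
}

function demo() {
  const hostOnly = storeCookie("www.sarahah.com");
  const dotted = storeCookie("www.sarahah.com", { domain: ".sarahah.com" });
  const bare = storeCookie("www.sarahah.com", { domain: "sarahah.com", secure: true });
  return {
    hostOnlyToSubdomain: isSent(hostOnly, "https://ali.sarahah.com/"), // asker's symptom
    dottedToSubdomain: isSent(dotted, "https://ali.sarahah.com/"),
    sameStoredDomain: dotted.domain === bare.domain,
    nonSecureOverHttp: isSent(dotted, "http://ali.sarahah.com/"),   // exposed in clear text
    secureOverHttp: isSent(bare, "http://ali.sarahah.com/"),
    lookalikeHost: isSent(dotted, "https://notsarahah.com/"),
  };
}

console.log(demo());
```

A domain-wide authentication cookie is presented to every host under sarahah.com, so each subdomain becomes part of the session's trust boundary; keeping the Secure flag on and serving all pages over https avoids sending it in clear text.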