I have an ASP.NET Core 2.1 application with Angular CLI. It is backed by a Web API project. I have two websites: www.example.com/angular and test.example.com/angular.
When I log into www.example.com/angular and have a look in the application cookie list I see the ASP.NET_SessionId for domain www.example.com as I would expect.
When I then go to my test.example.com/angular, on a different server, log in and have a look at the cookies, I see two ASP.NET_SessionId cookies: one for test.example.com and one for www.example.com. I do not expect this second cookie to show up.
We have moments when my ASP.NET Core application is retrieving the wrong session ID.
The strange thing is that the MVC application on the root does not share these cookies.