I have a website which has subdomains such as ali.sarahah.com but if a user logs in from www.sarahah.com then goes to ali.sarahah.com the session is not saved. After searching I added the following in Startup.cs
:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieDomain = ".sarahah.com"
});
I found out that .AspNetCore.Identity.Application cookie domain is still showing the subdomain and not the the domain and that session problem is still there.
Am I doing something wrong?
I think you need to remove the leading .
in the domain assignment as detailed in this GitHub issue:
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
// Note that there is no leading .
CookieDomain = "sarahah.com",
CookieSecure = CookieSecurePolicy.None
});
See the CookieAuthenticationOptions
for the various properties.
I was able to solve it by adding this to ConfigureServices method in Startup.cs:
services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
options.Cookies.ApplicationCookie.CookieDomain = ".yourdomain.com";
options.Cookies.ApplicationCookie.CookieSecure = Microsoft.AspNetCore.Http.CookieSecurePolicy.None;
})
The CookieSecure part is because my site moves between http and https in different pages.
Thank you :)
In case someone is looking for a solution to this problem using ASP.NET Core 2.0. You can set the cookie domain via the CookieAuthenticationOptions
in your ConfigureServices
method when adding the authentication services.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Domain = ".yourdomain.com";
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.