Click here to Skip to main content
15,064,093 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Let my site be mysite.com. After users logged in mysite.com and then try visiting www.mysite.com they have to login again. Somehow url is regarded different with and without www.

How can I read/write the same cookie for the urls with and without www?

To solve this I set domain of my cookie as ".mysite.com"

In Internet Explorer, when I log-in to www.mysite.com, I also logged in to mysite.com. However it doesn't work on Chrome.

What I had done:

* Set domain of cookie as .mysite.com (It was created successfully)

* Gave a name to Cookie other than AUTHASPX.

I wrote the following code:

<br />
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(<br />
          2,                                     <br />
          username,                      <br />
          DateTime.Now,                         <br />
          rememberMe ? DateTime.Now.AddYears(1) : DateTime.Now.AddHours(1),           <br />
          rememberMe,                               <br />
          loginKey,                              <br />
          FormsAuthentication.FormsCookiePath); <br />
<br />
    // Encrypt the ticket using the machine key<br />
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);<br />
<br />
    // Add the cookie to the request to save it<br />
    HttpCookie authCookie = new HttpCookie("CookieName", encryptedTicket);<br />
    authCookie.HttpOnly = true;<br />
    authCookie.Expires = rememberMe ? authTicket.Expiration : DateTime.Now.AddHours(1);<br />
    authCookie.Domain = ".mysite.com";<br />
<br />
    response.Cookies.Add(authCookie);<br />
<br />


Authentication is done via the following code:

<br />
HttpCookie authCookie = Context.Request.Cookies.Get("CookieName");<br />
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))<br />
        {<br />
            LogoutAndRedirectToLogin();<br />
            return;<br />
        }<br />
<br />
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);<br />
        if (authTicket == null)<br />
        {<br />
            LogoutAndRedirectToLogin();<br />
            return;<br />
        }<br />
<br />
        string loginKey = authTicket.UserData;</pre><br />


What I have tried:

Set domain of cookie as .mysite.com (It was created successfully)

Gave a name to Cookie other than AUTHASPX.
Posted
Updated 11-Jan-17 1:02am

1 solution

Look at this link, you'll find others if you google "aspx forms authentication subdomain"

c# - Forms Authentication across Sub-Domains - Stack Overflow[^]

The trick is to change the "domain" of the auth cookie so that it matches anything that ends in your domain so that "www.domain.com" and also "domain.com" both work.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900