Click here to Skip to main content
14,422,107 members
Rate this:
Please Sign up or sign in to vote.
I am creating airlines reservation system with online payment feature. For online payment, I have to redirect from my app to another domain(of another organisation that is looking after payment). After payment in successful, another domain again redirects to my app. Another domain is another URL.

The technical flow of my app is: On login page, I have one cookie i.e. __RequestVerificationToken. After login, I will have three - ASP.NET_SessionId, __RequestVerificationToken and 247Sewacookie (this is formsauthentication cookie). When application is redirected to my app from another domain, all cookies are gone. Therefore, application is redirected to login page since there will be no 247Sewacookie.
I have hosted my app in

How can I maintain cookie so that user need not to authenticated again?

What I have tried:

I have tried checking on chrome and edge browser.
F-ES Sitecore 22-Oct-19 6:24am
I'm not 100% sure of your overall flow, but cookies are only valid on the domain they were created, you can't have one site read cookies set by another site for security reasons. If you want multiple domains to recognise the same login you'll need to implement single sign on.
ZurdoDev 22-Oct-19 9:03am
You need something coming back from the reservation system to indicate who it is for.
Richard Deeming 22-Oct-19 10:08am
Do your cookies have the "SameSite" attribute set?
Preventing CSRF with the same-site cookie attribute[^]

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

I think the following link is explaining your problem please have a look at it..

Single Sign On (SSO) for cross-domain ASP.NET applications: Part-I - The design blue print[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100