0

I have a very basic problem here, and absolutely no idea how to handle it.

Basically, forms authentication sets a cookie for my site at "domain.com", and works all fine until a point in my site where I redirect a user to a page at "www.domain.com/page" and then it doesn't recognize the authentication cookie. If works if I manually type in "domain.com/page", or if I go to the site using the full "www.domain.com", but it won't work between the two (with and without the "www" at the front). Is there a way around this?

Thanks for any help you guys can give!

Jack
  • 950
  • 2
  • 17
  • 36

1 Answers1

1

domain.com and www.domain.com are considered 2 different domains. Cookies created in one domain cannot be accessed from another.

There are 2 solutions to this problem:

1) Set the cookie's domain property to .domain.com (notice the .). With this setting, your cookie will be available to domain.com and domain.com's sub domains. Check this for more information. In web.config you can do something like this:

<authentication mode="Forms">
   <forms domain=".domain.com" />
</authentication>

2) Always redirect to 1 domain when users try to access your site. For example, when a user accesses domain.com/page, you redirect that user to www.domain.com/page => the cookie is always created for www.domain.com and your users always have to access www.domain.com

Community
  • 1
  • 1
Khanh TO
  • 48,509
  • 13
  • 99
  • 115