0

I have a web app that redirects to another one. The 2 apps are on separate subdomain like: *redir.second.main.com* *landing.second.main.com* The first app needs to write a cookie for the second one.

    var cookie = new HttpCookie("cookie_name", cookie_value);
    cookie.Domain = ".second.main.com";
    cookie.Expires = DateTime.UtcNow.AddMinutes(2);
    cookie.HttpOnly = false;
    cookie.Secure = true;
    Response.SetCookie(cookie);
    var redirectUrl = "https://landing.second.main.com/page";
    
    return Redirect(redirectUrl);

I think the problem is Domain, I tried .second.main.com .main.com landing.second.main.com

but the cookie does not get written, like it was another domain. What am I missing here?

UPDATE 1:

Followed this one Share cookie between subdomain and domain but it doesn't seem to work for me

UPDATE 2

From comments I've been suggested to check the way I read the cookie, but beyond the way I do that, I cannot see the cookie in the browser, so I know the cookie is not getting written, and not that I cannot read it.

d4m10
  • 1
  • 1
  • 1
    Does this answer your question? [Share cookie between subdomain and domain](https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain) – quaabaam Jul 15 '21 at 16:54
  • When you set the cookie domain property, ".main.com" should work for all subdomains and tld according to this [rfc](https://datatracker.ietf.org/doc/html/rfc6265) I think the problem, if you are still not seeing the cookie on all, is likely not in the domain field. – Ben Matthews Jul 15 '21 at 17:03
  • @quaabaam I think I have the same implementation of that answer, but .main.com doesn't seem to propagate to the other subdomains, same with .second.main.com. – d4m10 Jul 15 '21 at 17:43
  • @BenMatthews that code works with localhost and a couple of fake 3rd level domain on localhost – d4m10 Jul 15 '21 at 17:54
  • @Dam So it works locally, but not when pushed to prod? Makes me think even more it is something outside of your code. Could you share the client code where you try to read the cookie and on which domain? Perhaps there is a nuance there that is the culprit. – Ben Matthews Jul 15 '21 at 18:16

0 Answers0