The first answer in this question: Session is lost and created as new in every servlet request is valid, however users in an intranet are very familiar no to type the whole domain in the URL. It will be very useful to configure the browser so they accept the URL without the domain and still keep the session.
Asked
Active
Viewed 536 times
2 Answers
0
According to this article: Cookie attributes- Domain and Path, you can know that the Domain attribute defines the scope of the cookie. It lets the browser know which website the cookie belongs to. If the server does not specify the domain of the cookie, it will default to the domain of the requested resource.
Therefore, I think your requirement cannot be implemented.
Xudong Peng
- 1,463
- 1
- 4
- 9
0
The decision was not to the browser, but to the Web.config file in the ASP.NET application. For a different issue we had to add the text cookieSameSite="None" to the SessionState tab in Web.config file on May 2020. Time came and apparently a new update of the browsers caused the application lost the session because it did not create the cookie with SessionID as ASP.NET need, unless we specify the whole domain in the URL.
That said we have 2 solutions: Remove the cookieSameSite="None" from Web.Config file or Type the whole domain in the address of the application.
From the 2 solutions the first one was not possible in our case, because the ASP.NET app is inside an iframe tab and without cookieSameSite="None" it does not keep the session, so we included the whole domain name inside the html page using iframe as src="myServer.MyDomain/MyApp/"
Raul Echevarria
- 1
- 1
-
Thanks for posting the solution for this issue. You can mark your answer as an accepted answer, when it is available to mark. It can help other community members in future in similar kind of issues. Thanks for your understanding. – Xudong Peng Aug 26 '21 at 02:22