I have an issue where a cookie never gets set, and I believe it is because the wrong cookie is being used. This is happening on play.exposureevents.store. I have no idea how, but an exposureevents.com cookie is available on this domain somehow. I believe that when trying to authenticate it is using the .exposureevents.com cookie and never setting the correct cookie. Is there a way in ASP.NET to either remove the wrong cookie or set the correct one?
Create Cookie On Login
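/// <summary>
/// Loads the member profile, wraps it in a forms-authentication ticket, and adds the
/// encrypted ticket to the current response as the authentication cookie.
/// </summary>
/// <param name="username">Name stored in the ticket and used to load the profile.</param>
/// <param name="userId">Identifier used together with <paramref name="username"/> to load the profile.</param>
/// <param name="roles">Not read by this method.</param>
/// <returns>The member profile that was serialized into the ticket's user data.</returns>
public SiteMemberModel CreateAuthenticationCookie(string username, Guid userId, string roles)
{
    var member = GetMemberProfile(userId, username);

    // One timestamp, so the issue time and the expiration are derived from the same instant.
    var issuedAt = DateTime.Now;

    // NOTE(review): the whole serialized profile travels inside the encrypted cookie value.
    // Browsers discard cookies above roughly 4 KB, which shows up as "the cookie never
    // gets set"; confirm the encrypted size stays well under that.
    var ticket = new FormsAuthenticationTicket(
        2,
        username,
        issuedAt,
        issuedAt.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
        false,
        JsonConvert.SerializeObject(member, Formatting.None),
        FormsAuthentication.FormsCookiePath);

    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
    {
        // The ticket is the session credential; page script has no reason to read it.
        HttpOnly = true,
        Secure = true,
        Path = FormsAuthentication.FormsCookiePath,
        SameSite = SameSiteMode.None
    };

    if (!HttpContext.Current.Request.IsLocal)
    {
        // NOTE(review): Helper.GetDomain() is not shown here. A browser ignores a Set-Cookie
        // whose Domain does not match the host that served the response, so the value must
        // be the request host or a parent of it. Verify what it returns for every site this
        // code serves, and keep it as narrow as the application allows.
        cookie.Domain = Helper.GetDomain();
    }

    // The ticket above is created non-persistent, so this currently leaves a session cookie.
    if (ticket.IsPersistent)
    {
        cookie.Expires = ticket.Expiration;
    }

    HttpContext.Current.Response.Cookies.Add(cookie);
    return member;
}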
Web.config
<!-- Site-wide cookie defaults: cookies are marked Secure and SameSite=None.
     NOTE(review): httpOnlyCookies is not set on this element, so a cookie built by hand
     with HttpCookie is presumably not HttpOnly unless the code sets it; confirm. -->
<httpCookies requireSSL="true" sameSite="None" />
<!-- Forms authentication: unauthenticated requests are sent to /login. -->
<authentication mode="Forms">
<!-- Ticket cookie is named "_EXPOSURE_", scoped to path "/", sent over HTTPS only, encrypted
     and validated (protection="All"), with a 2880-minute sliding timeout. No domain attribute
     is given on this element; CreateAuthenticationCookie sets the cookie domain in code. -->
<forms loginUrl="/login" path="/" cookieSameSite="None" requireSSL="true" protection="All" timeout="2880" slidingExpiration="true" name="_EXPOSURE_" />
</authentication>