I have a list of subdomains on my site that the user can select. I want to create a cookie for the selected subdomain, not all subdomains.
Assuming my site is mysite.com, the user could see
- domainOne.mysite.com
- domainTwo.mysite.com
When they selected their subdomain, I do the following in the controller action
var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
faCookie.HttpOnly = true
faCookie.Domain = (subdomain + ".mysite.com")
faCookie.Secure = FormsAuthentication.RequireSSL
response.Cookies.Add(faCookie)
return this.Redirect("http://" + subdomain + ".mysite.com")
where encTicket is just some encrypted user information
In fiddler, I see this as an answer
HTTP/1.1 302 Found
Cache-Control: private, s-maxage=0
Content-Type: text/html; charset=utf-8
Location: http://domainOne.mysite.com
Server: Microsoft-IIS/8.0
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
Set-Cookie: .ASPXAUTH=9ECF5B2533<snip>; domain=domainOne.mysite.net; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Fri, 19 Jul 2013 04:19:02 GMT
Content-Length: 142
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://domainOne.mysite.net">here</a>.</h2>
</body></html>
ok, so everything looks good to me here. The reaction tells the browser to add a cookie for the subdomain. However, the subsequent redirect-based GET does not have a cookie in its request at all.
- , ? , cookie root (.mydomain.com), .