ASP.NET MVC site and cookies with same name but different domains
I have this issue where a cookie never gets set because I believe it's using the wrong one. This is happening on play.exposureevents.store. I have no idea how, but a exposureevents.com cookies is available on this domain somehow. I believe when trying to authenticate it is using the .exposureevents.com cookie and never setting the correct cookie. Is there a way in ASP.NET to either remove the wrong cookie, or set the correct one?
Create Cookie On Login
public SiteMemberModel CreateAuthenticationCookie(string username, Guid userId, string roles)
{
var member = GetMemberProfile(userId, username);
var ticket = new FormsAuthenticationTicket(
2,
username,
DateTime.Now,
DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
false,
JsonConvert.SerializeObject(member, Formatting.None),
FormsAuthentication.FormsCookiePath);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
{
Secure = true,
Path = FormsAuthentication.FormsCookiePath,
SameSite = SameSiteMode.None
};
if (!HttpContext.Current.Request.IsLocal)
{
cookie.Domain = Helper.GetDomain();
}
if (ticket.IsPersistent)
cookie.Expires = ticket.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);
return member;
}
Web.config
<httpCookies requireSSL="true" sameSite="None" />
<authentication mode="Forms">
<forms loginUrl="/login" path="/" cookieSameSite="None" requireSSL="true" protection="All" timeout="2880" slidingExpiration="true" name="_EXPOSURE_" />
</authentication>
Since .NET 4.8 doesn't give you a way to update a cookie via a domain name with same cookie name back to the response, we went with a different cookie name for the actual other domains. This seems to be working great and had no issues changing it in the Web.config since it had it's own.
- bootstrap modal+ajax+jquery+validation+.net core 2.0
- Run web service API on same or separate servers?
- Join Date and Time to DateTime in VB.NET
- The Id cannot be computed, since the navigation source 'values' cannot be resolved to a known entity set from model
- C# HttpClient's PostAsync fails when HttpRuntime's TargetFramework is set to 4.8
- Chargify how can get total transactions of between two dates?
- Dynamic property type based on value of another property
- Using tinyurl.com in a .Net application ... possible?
- Swagger different classes in different namespaces with same name don't work
- Reference to IExceptionHandler interface not being resolved from Microsoft.AspNetCore.Diagnostics
- Improve Performance of initial page load time with Blazor Webassembly
- OAuth2 WebApi Token Expiration
- IIS API - Create virtual directories?
- Cannot drop database because it is currently in use
- How do I find type of c# project from Visual Studio?
- Calling Javascript from a SSR Page Blazor .NET core
- Blazor webassembly pwa session storage not persisting after deployment to Azure
- How to determine whether an IP address is private?
- How to access ASP.NET Swagger API published in Docker?
- Identity Server 4 ASP.NET Quickstart 'refused connection'
- How to get a List of valid currencies from Stripe
- Strange behaviour of ViewState
- HttpResponse content with bad encoding
- Display bytes as images on an .aspx page
- Class in App_Code not accessible
- Accessing a Class that is NOT declared in App_Code in ASP.NET
- Classes residing in App_Code is not accessible
- Is it possible to use SignalR on a Node.js backend?
- What does "cannot be marshaled by the runtime marshaler" mean?
- Add a column to a gridview associated with an SQL data source [C#/ASP/Webform]