Sharing ASP.NET cookies across sub-domains

Solution 1:

Set the Domain property to ".mydomain.com" on each cookie in both subdomain websites,

like this:

Response.Cookies["test"].Value = "some value";
Response.Cookies["test"].Domain = ".mysite.com";

UPDATE 1

In Site A

HttpCookie hc = new HttpCookie("strName", "value");
hc.Domain = ".mydomain.com"; // must start with "."
hc.Expires = DateTime.Now.AddMonths(3);
HttpContext.Current.Response.Cookies.Add(hc);

In Site B

HttpContext.Current.Request.Cookies["strName"].Value

Try It

Regards

Solution 2:

Add a new cookie and specify the domain like this:

HttpCookie cookie = new HttpCookie("cookiename", "value");
cookie.Domain = "domain.com";

For forms authentication, set this in web.config:

<forms name=".ASPXAUTH" 
       loginUrl="login.aspx" 
       protection="All" 
       timeout="30" 
       path="/" 
       requireSSL="false" 
       domain="domain.com">
</forms>

The cookie will be accessible to all the subdomains.

In order for each domain to decrypt the cookie, all web.config files must use the same encryption/decryption algorithm and key. (how to create a machine key)

Example:

// do not wrap these values like this in the web.config
// only wrapping for code visibility on SO
<machineKey  
  validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75
                 D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281
                 B"             
  decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719
                 F"
  validation="SHA1"
  decryption="AES"
/>

For easier deployments, these values can be stored in a separate file:

<machineKey configSource="machinekey.config"/>

For added security you can also encrypt the machine key for further protection.

Solution 3:

If you're using Forms authentication on all of your sub domains, all you need to do is to add domain=".mydomain.com" property to the <forms> node in your web.config.

Note the leading period in .mydomain.com

This simple change by itself will make your authentication cookie valid in all sub-domains; no need to manually set any cookies.
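
Which hosts receive a cookie for a given Domain value is decided by the browser's RFC 6265 domain-matching rules, so it helps to see the scope each setting from the answers above produces. The sketch below is an added example, not code from any of the answers; the host names under mydomain.com are constructed, and the public-suffix check that real browsers also apply is left out.

```javascript
// Added example: RFC 6265 cookie scoping for the Domain values discussed above.
// Host names are constructed samples; public-suffix rejection is not modelled.

// RFC 6265 section 5.2.3: lower-case the attribute and drop one leading dot.
function normalizeDomainAttr(attr) {
  if (!attr) return "";
  const d = attr.trim().toLowerCase();
  return d.startsWith(".") ? d.slice(1) : d;
}

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: identical, or a dot-bounded suffix of a host name.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Storage step: the setting host must itself domain-match the attribute,
// otherwise the cookie is rejected. No Domain attribute gives a host-only cookie.
function storeCookie(setterHost, domainAttr) {
  const domain = normalizeDomainAttr(domainAttr);
  if (domain === "") return { domain: setterHost.toLowerCase(), hostOnly: true };
  if (!domainMatch(setterHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Sending step: host-only cookies need an exact host match.
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

function recipients(setterHost, domainAttr, hosts) {
  const cookie = storeCookie(setterHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

const HOSTS = ["a.mydomain.com", "b.mydomain.com", "mydomain.com",
               "x.b.mydomain.com", "notmydomain.com"];
for (const attr of [".mydomain.com", "mydomain.com", undefined, "b.mydomain.com"]) {
  console.log(String(attr).padEnd(16), recipients("a.mydomain.com", attr, HOSTS));
}
```

A cookie scoped to the parent domain reaches every host beneath it, including nested ones such as x.b.mydomain.com, so each of those applications has to be trusted with the value.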