Menu
By default, ASP.NET will set its cookies to use "mydomain.com" as their base. I'd prefer to have them use "www.mydomain.com" instead, so that I can have other "sub.mydomain.com" subdomains that are cookie-free.
I've done some digging into the Session and Cookie objects, and while I can find how to set the domain for a single cookie, I don't see a way to set it for all Session cookies.
Anybody ideas?
530
Create a ISessionIDManager, since you only want to change the cookie domain we will let the default one do all the work.
This is configured in web.config on the sessionState element under <system.web>.
<sessionState sessionIDManagerType="MySessionIDManager" />
And the implementation.
public class MySessionIDManager: SessionIDManager, ISessionIDManager
{
void ISessionIDManager.SaveSessionID( HttpContext context, string id, out bool redirected, out bool cookieAdded )
{
base.SaveSessionID( context, id, out redirected, out cookieAdded );
if (cookieAdded) {
var name = "ASP.NET_SessionId";
var cookie = context.Response.Cookies[ name ];
cookie.Domain = "example.com";
}
}
}
I realise this is an old question, but could you use the domain attribute of the httpCookies configuration section instead of doing this in code?
<httpCookies domain="String"
httpOnlyCookies="true|false"
requireSSL="true|false" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
