I want to share session cookie among domains.
I have more than one domain: -
1. mydomain.com
2. mydomain.fr
3. mydomain.de
4. mydomain.da
...and many other language based
Now, I have single website deployed on a server. I want to share session among the different domains on the single website. How do I achieve this?
I found on web <httpCookies domain=".mydomain.com" />
but it work with sub domains (like test.mydomain.com
and secure.mydomain.com
) but not for the different domains.
I also tried <httpCookies domain=".mydomain." />
but by this session stopped working.
Could anyone help me please?
You can't share cookies on domains that have different top level domain name.
This is only possible to do with subdomains.
mydomain.com
fr.mydomain.com
de.mydomain.com
da.mydomain.com
...
You cannot share a cookie between different domain directly. But there is one way to make it possible at some context. You can make JSONP request or loading an iframe in your JS. if you use iframe make a http POST call using form. Form tag has your another domain name as action and iframe name as a target. What form will do is it will load an ifram and the cookie of your different domain will come in your browser.
Code:
<iframe name="iframe-test" border="1px"></iframe>
<form id="iframe-form" target="iframe-test" action="http://differentdomain.com/setCookie" method="POST">
<input type="hidden" value="1234" name="token">
</form>
<script type="text/javascript">
function submitForm(){
var form = document.getElementById("iframe-form");
form.submit();
}
</script>
As Oded states you cannot share cookies across different top level domains. Therefore you may need to look into a different method of persisting sessions.
Swapping the Session State provider as danyolgiax proposes will not solve your issue as the session identification is still happening with cookies. Therefore you need to look into an approach such as cookieless sessions:
Cookieles sessions
Then you may choose to store the data in a Database or InProc session on server. Once you've removed the dependency on cookies.
Edit
Additionally then, if you some clientside activity using a non-auth cookie that absolutely requires the cookies to be present you would write them from each different domain based on these server/session stored values. So a user switching domains eventually gets your
cookie for each domain.
If you are using SQL Server, I think you can use it as session state provider.
in web.config:
<sessionState
mode="SQLServer"
sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<strongpassword>"
cookieless="false"
timeout="20"
/>
Here some doc:
http://msdn.microsoft.com/en-us/library/ms178581.aspx