ASP.NET Session Cookies - specifying the base domain

Question

By default, ASP.NET will set its cookies to use \"mydomain.com\" as their base. I\'d prefer to have them use \"www.mydomain.com\" instead, so that I can have other \"sub.my

Answer 1

Session uses only one cookie, so why don't you set domain only for ASP.NET_SessionId cookie ?

Answer 2

Create a ISessionIDManager, since you only want to change the cookie domain we will let the default one do all the work.

This is configured in web.config on the sessionState element under <system.web>.

<sessionState sessionIDManagerType="MySessionIDManager" />

And the implementation.

public class MySessionIDManager: SessionIDManager, ISessionIDManager
{   
    void ISessionIDManager.SaveSessionID( HttpContext context, string id, out bool redirected, out bool cookieAdded )
    {
        base.SaveSessionID( context, id, out redirected, out cookieAdded );

        if (cookieAdded) {
            var name = "ASP.NET_SessionId";
            var cookie = context.Response.Cookies[ name ];
            cookie.Domain = "example.com";
        }
    }
}

Answer 3

I realise this is an old question, but could you use the domain attribute of the httpCookies configuration section instead of doing this in code?

<httpCookies domain="String" 
             httpOnlyCookies="true|false" 
             requireSSL="true|false" />