How do those apps share cookies? #7392
Comments
@HaoK Is it correct that if FYI: The content on this API page is broken: https://docs.microsoft.com/dotnet/api/microsoft.aspnetcore.authentication.cookies.cookieauthenticationoptions.cookie ... it's not piping the
SameSite appears to require exact domain matches. Lax only skips the domain check for top-level interactions like a user link click. As for sharing cookies across subdomains, the most common guidance seems to be to set the domain to the parent domain like ".example.com".
In that case, we should add a piece here on setting
why the request still appear to be

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
    {
        var connectionString = Configuration.GetConnectionString("DefaultConnection");
        options.UseLazyLoadingProxies()
            .UseSqlServer(connectionString);
    });
    services.AddCors(options =>
    {
        options.AddPolicy(MyAllowSpecificOrigins,
            builder =>
            {
                // Every origin is accepted, and credentials are allowed for all of them.
                builder.AllowAnyHeader().AllowAnyMethod().AllowCredentials().SetIsOriginAllowed((x) =>
                {
                    return true;
                });
            });
    });
    // Configures the default cookie scheme added here, not the cookies that AddIdentity registers below.
    services.AddAuthentication()
        .AddCookie(options =>
        {
            options.Cookie.SameSite = SameSiteMode.None;
        });
    services.AddSession(s => s.IdleTimeout = TimeSpan.FromMinutes(60));
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
    services.Configure<IdentityOptions>(options =>
    {
        // Password settings
        options.Password.RequireDigit = true;
        options.Password.RequiredLength = 8;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = true;
        options.Password.RequireLowercase = false;
        options.Password.RequiredUniqueChars = 4;
        // Lockout settings
        options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
        options.Lockout.MaxFailedAccessAttempts = 10;
        options.Lockout.AllowedForNewUsers = true;
        // User settings
        options.User.RequireUniqueEmail = true;
    });
    AddApplicationServices(services);
    services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider services, ApplicationDbContextSeeder seeder)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else if (env.IsProduction())
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHttpsRedirection();
    }
    app.UseWelcomePage(new WelcomePageOptions()
    {
        Path = "/welcome"
    });
    app.UseStaticFiles();
    app.UseCors(MyAllowSpecificOrigins);
    app.UseAuthentication();
    app.UseCookiePolicy(new CookiePolicyOptions()
    {
        MinimumSameSitePolicy = SameSiteMode.None,
    });
    app.UseSession();
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            // controller/action/param
            template: "{controller=Home}/{action=Cover}/{id?}");
    });
    //seeder.Seed().Wait();
    //seeder.CreateUserRoles(services).Wait();
}
```
Hello @serfend ... We only handle documentation issues. For general support, ask on a support forum, such as Stack Overflow, or a support chat, such as Slack or Gitter. Also note that we don't work closed issues. For a new documentation issue, we ask that readers use the feedback buttons at the bottoms of the topics to open new issues.
@serfend see dotnet/aspnetcore#4647, you likely need ConfigureExternalCookie and ConfigureApplicationCookie.
@Tratcher I tried, but it only works on
See https://docs.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-2.2#configure-session-state for configuring Session.
I'm confused by this doc. AFAIK cookies have a domain, and there is nowhere to configure it, and if they live in different subdomains, how can the cookie be shared?
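A sketch of the configuration the thread points to, added here as an example and not taken from the docs or from any commenter: ASP.NET Core Identity registers its own cookie schemes, so the domain is set through `ConfigureApplicationCookie`, and every app must also share one Data Protection key ring and application name or it cannot decrypt a ticket issued by another app. The extension method name, cookie name, application name and key ring path are assumptions.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class SharedCookieExtensions
{
    // Hypothetical helper: call it from ConfigureServices in every app that
    // shares the sign-in cookie, after services.AddIdentity<...>().
    public static IServiceCollection AddSharedSubdomainCookie(
        this IServiceCollection services, string parentDomain, string keyRingPath)
    {
        // Reject an empty value or a bare label such as "com": the cookie
        // must be scoped to a parent domain you control, e.g. ".example.com".
        var host = (parentDomain ?? string.Empty).TrimStart('.');
        if (host.Split('.').Length < 2)
        {
            throw new ArgumentException(
                "Expected a parent domain such as \".example.com\".", nameof(parentDomain));
        }

        // The authentication ticket inside the cookie is encrypted with
        // Data Protection keys. All apps must read the same key ring and use
        // the same application name (both values below are assumptions).
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyRingPath))
            .SetApplicationName("SharedCookieApp");

        // Options passed to AddAuthentication().AddCookie(...) do not reach
        // the Identity application cookie; this call does.
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = ".Example.SharedCookie";   // same name in every app
            options.Cookie.Domain = "." + host;              // sent to every subdomain
            options.Cookie.HttpOnly = true;                  // not readable from script
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
        });

        return services;
    }
}
```

A cookie scoped to the parent domain is sent to every host under it, so the key ring directory needs access control that keeps unrelated apps on that domain from reading it.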