Share cookies or session data between cross domain using ASP.NET C#

Ashok Kumar 221 Reputation points
2024-11-28T12:54:53.5233333+00:00

We have a shared state management server and aim to transfer session values between two domains: modern.com and 180algos.com. Both domains redirect to a common page, freelogin.aspx, which is hosted exclusively on modern.com. On this page, I need to retrieve the session["sitename"] value.

For example:

  1. modern.com/password.aspx stores session["sitename"] = "V3".
  2. 180algos.com/login.aspx stores session["sitename"] = "180algos".
  3. Without using a redirect or query string, we access freelogin.aspx directly, such as https://modern.com/freelogin.aspx. On this page, I need to identify the originating site and handle the session value accordingly.

freelogin.aspx.cs


if (session["sitename"] == "V3")

{

    // From the modern site 

}

else if (session["sitename"] == "180algos")

{

    // From the 180algos site

}

How can I implement this functionality in ASP.NET using alternative approaches, such as sessions, cookies, or JWTs?

If I access the page directly using https://modern.com/freelogin.aspx, the stored session value should be retrieved.

Note :-

  1. Should not use any redirection/query string ex:- Response.Redirect("https://freelogin.aspx?sitename=V3");
  2. Is it possible to transfer data across different domains?
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,547 questions
0 comments No comments
{count} votes

Accepted answer
  1. Lan Huang-MSFT 30,086 Reputation points Microsoft Vendor
    2024-11-29T02:51:33.8533333+00:00

    Hi @Ashok Kumar,

    For subdomains in the same root domain only - you can use wildcard cookies by specifying a subdomain. For example, sv1.test.com and sv2.test.com will both use test.com

    For using a single cookie across root domains - you can't do that. It violates the trust rules - otherwise my application could read your other cookies. In sites that "seem" to share cookies, it's common to redirect to the other domain to verify the value, then redirect back to the other domain. The value can then be posted, set in a hidden form field or in a query string.

    Best regards,
    Lan Huang


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 68,486 Reputation points
    2024-12-03T19:07:32.86+00:00

    as your domain are distinct they can not share a cookie. you would normally pass a session key via the query string or post data.

    sessions are normally tied to a cookie and browser instance. if you can tie session to a userid, and both use the same userid, then you could timestamp session. add add support to lookup session by userid.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.