Forms authentication cookie lost when application redirects from another domain to my domain

Question

0.00/5 (No votes)

See more:

, +

I am creating airlines reservation system with online payment feature. For online payment, I have to redirect from my app to another domain(of another organisation that is looking after payment). After payment in successful, another domain again redirects to my app. Another domain is another URL.

The technical flow of my app is: On login page, I have one cookie i.e. __RequestVerificationToken. After login, I will have three - ASP.NET_SessionId, __RequestVerificationToken and 247Sewacookie (this is formsauthentication cookie). When application is redirected to my app from another domain, all cookies are gone. Therefore, application is redirected to login page since there will be no 247Sewacookie.
 
I have hosted my app in https://www.smarterasp.net/.

How can I maintain cookie so that user need not to authenticated again?

What I have tried:

I have tried checking on chrome and edge browser.

Posted 21-Oct-19 18:38pm

Codes DeCodes

Add a Solution

Comments

F-ES Sitecore 22-Oct-19 6:24am

I'm not 100% sure of your overall flow, but cookies are only valid on the domain they were created, you can't have one site read cookies set by another site for security reasons. If you want multiple domains to recognise the same login you'll need to implement single sign on.

ZurdoDev 22-Oct-19 9:03am

You need something coming back from the reservation system to indicate who it is for.

Richard Deeming 22-Oct-19 10:08am

Do your cookies have the "SameSite" attribute set?
Preventing CSRF with the same-site cookie attribute[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

james1205 · Answer 1 · 2019-10-23T20:26:00

Solution 1

I think the following link is explaining your problem please have a look at it..

Single Sign On (SSO) for cross-domain ASP.NET applications: Part-I - The design blue print[^]

Posted 23-Oct-19 20:26pm

james1205

Updated 23-Oct-19 20:42pm