Sharing a cookie between two websites on the same domain

Question

Here\'s the situation:

• Website A, ASP.NET MVC 4 web application. Domain: http://a.example.com
• Website B, ASP.NET MVC 4 web applicaiton. Domain: http:/

Answer 1

The Best way to handle this is to make machinekey decryption fall back to Framework20SP2

From this article : http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx

Just add that attribute to machinekey in your .net 4.5 application

<machineKey validationKey="" decryptionKey="" validation="SHA1" compatibilityMode="Framework20SP2" />

you won't need to remove targetFramework="4.5" from httpruntime now.

Answer 2

When you create a new ASP.NET 4.5 (e.g ASP.NET MVC 4) application, the following line is added to the web.config:

<httpRuntime targetFramework="4.5" />

This was not present in my other application, possibly because my other application was an ASP.NET 3.5 application which was upgraded to 4.5.

Removing that line in the new ASP.NET web application fixed the problem.

I think this is due to the compatability mode value: http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx

Framework45. Cryptographic enhancements for ASP.NET 4.5 are in effect. This is the default value if the application Web.config file has the targetFramework attribute of the httpRuntime element set to "4.5".

Not sure i get how removing that line solved the problem. I assume application one has a different compatability mode, since it didn't have that httpRuntime element.