问题
My applications consists of 2 parts:
- The web API, written in .NET Core
- The web app, written in React and rendered using a nodejs express server
I am hosting these parts on azure, each on it's own sub domain so we have:
- api.azurewebsites.net
- app.azurewebsites.net
When the user logs in I set a cookie, to my understanding a cookie can be used accross sub domains. The cookie is set the following way:
Response.Cookies.Append("token", "token value", new CookieOptions
{
Expires = DateTimeOffset.Now.AddDays(7),
SameSite = SameSiteMode.None,
Domain = "azurewebsites.net"
});
But the cookie is not sent along with requests to either sub domain. How can this be?
If this is the wrong approach how do I authenticate with a SSR app and a rest api? When the app gets rendered in node it fetches data the exact same way as in the browser using isomorphic-fetch, the cookie is passed along with it.
All this works flawlessly on localhost, the problem starts when the app in on a different sub domain from the api.
UPDATE:
The cookie header looks like this:
Set-Cookie: token=<token>; expires=Sat, 22 Jun 2019 05:35:18 GMT; domain=azurewebsites.net; path=/; secure
On firefox it works different from chrome. On chrome i do the authentication api request, get the token get the cookie header and then the cookie does not get sent along any subsequent requests.
In firefox the cookie does get sent with subsequent requests, however upon refreshing the page the cookie is gone.
回答1:
I found this ASP.NET Core Sharing Identity Cookie across azure web apps on default domain (*.azurewebsites.net)
Cross sub domain cookies are blocked for the azurewebsites.net domain for security reasons.
来源:https://stackoverflow.com/questions/56560924/cross-sub-domain-cookies-on-azure