From 4807549d1aa09a32822a43d57c1d27c40c1935d3 Mon Sep 17 00:00:00 2001 From: maliming Date: Sat, 9 Mar 2024 11:23:32 +0800 Subject: [PATCH 1/3] How to share the cookies between subdomains Resolve #19209 --- .../POST.md | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md diff --git a/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md new file mode 100644 index 0000000000..b5e7232e1c --- /dev/null +++ b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md @@ -0,0 +1,83 @@ +# How to share the cookies between subdomains + +## Introduction + +Share cookies between subdomains is a common requirement in web development. For example, you have a website with multiple subdomains, and you want to share the login status between these subdomains. + +Once a user logs in to one subdomain, the user should be logged in to all subdomains. This article will show you how to achieve this in an ASP.NET Core application. + +## Implementation principle + +The `cookie` has a `Domain` attribute which specifies which server can receive a cookie. +If specified, then cookies are available on the server and its subdomains. For example, if you set `Domain=.abp.io`, cookies are available on `abp.io` and its subdomains like `community.abp.io`. + +If the server does not specify a Domain, the cookies are available on the server but not on its subdomains. Therefore, specifying Domain is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user. + +## Change the domain of the cookie in ASP.NET Core + +There is a `CookiePolicyMiddleware` in ASP.NET Core, You can add some policies to the `CookiePolicyOptions` during cookies are appended or deleted. + +We will add a policy to the `CookiePolicyOptions` to change the `domain` of the cookie. + +```csharp +services.Configure(options => +{ + options.OnAppendCookie = cookieContext => + { + ChangeCookieDomain(cookieContext, null); + }; + + options.OnDeleteCookie = cookieContext => + { + ChangeCookieDomain(null, cookieContext); + }; +}); + +private static void ChangeCookieDomain(AppendCookieContext appendCookieContext, DeleteCookieContext deleteCookieContext) +{ + if (appendCookieContext != null) + { + // Change the domain of the all cookies + //appendCookieContext.CookieOptions.Domain = ".abp.io"; + + // Change the domain of the specific cookie + if (appendCookieContext.CookieName == ".AspNetCore.Culture") + { + appendCookieContext.CookieOptions.Domain = ".abp.io"; + } + } + + if (deleteCookieContext != null) + { + // Change the domain of the all cookies + //appendCookieContext.CookieOptions.Domain = ".abp.io"; + + // Change the domain of the specific cookie + if (deleteCookieContext.CookieName == ".AspNetCore.Culture") + { + deleteCookieContext.CookieOptions.Domain = ".abp.io"; + } + } +} +``` + +Add the `app.UseCookiePolicy()` in the ASP.NET Core pipeline. + +```csharp +//... +app.UseStaticFiles(); +app.UseCookiePolicy(); +//... +``` + +If you check the HTTP response headers, you will see the `Set-Cookie` header with the `domain` attribute. + +```http +Set-Cookie: .AspNetCore.Culture=c%3Den%7Cuic%3Den; expires=Mon, 09 Mar 2026 02:00:00 GMT; domain=.abp.io; path=/ +``` + +The subdomains can share the `.AspNetCore.Culture` cookie now. + +## Summary + +The `CookiePolicy` middleware provides a way to control cookies in an ASP.NET Core, It very useful if you have more complex requirements for Cookies. From 6b57c054f2e181997836889b69892d3c5b002c7f Mon Sep 17 00:00:00 2001 From: maliming Date: Sat, 9 Mar 2024 13:52:44 +0800 Subject: [PATCH 2/3] Update POST.md --- .../2024-03-03-Share-Cookies-BetweenSubDomains/POST.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md index b5e7232e1c..41ebc3ac92 100644 --- a/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md +++ b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md @@ -2,9 +2,9 @@ ## Introduction -Share cookies between subdomains is a common requirement in web development. For example, you have a website with multiple subdomains, and you want to share the login status between these subdomains. +Share cookies between subdomains is a common requirement in web development. For example, you have a website with multiple subdomains, and you want to share the login status between these subdomains. Once a user logs in to one subdomain, the user should be logged in to all subdomains. -Once a user logs in to one subdomain, the user should be logged in to all subdomains. This article will show you how to achieve this in an ASP.NET Core application. +This article will show you how to achieve this in an ASP.NET Core application. ## Implementation principle @@ -78,6 +78,8 @@ Set-Cookie: .AspNetCore.Culture=c%3Den%7Cuic%3Den; expires=Mon, 09 Mar 2026 02:0 The subdomains can share the `.AspNetCore.Culture` cookie now. +In another community article we use same middleware to [fix the Chrome login issue for the IdentityServer4](https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n) + ## Summary The `CookiePolicy` middleware provides a way to control cookies in an ASP.NET Core, It very useful if you have more complex requirements for Cookies. From 1eebe453469c6cfa4ccf589bddf7b586a7c6d60c Mon Sep 17 00:00:00 2001 From: Engincan VESKE Date: Mon, 11 Mar 2024 10:50:29 +0300 Subject: [PATCH 3/3] Update POST.md --- .../POST.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md index 41ebc3ac92..b4c7e00289 100644 --- a/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md +++ b/docs/en/Community-Articles/2024-03-03-Share-Cookies-BetweenSubDomains/POST.md @@ -2,7 +2,7 @@ ## Introduction -Share cookies between subdomains is a common requirement in web development. For example, you have a website with multiple subdomains, and you want to share the login status between these subdomains. Once a user logs in to one subdomain, the user should be logged in to all subdomains. +Sharing cookies between subdomains is a common requirement in web development. For example, you have a website with multiple subdomains, and you want to share the login status between these subdomains. Once a user logs in to one subdomain, the user should be logged in to all subdomains. This article will show you how to achieve this in an ASP.NET Core application. @@ -11,13 +11,13 @@ This article will show you how to achieve this in an ASP.NET Core application. The `cookie` has a `Domain` attribute which specifies which server can receive a cookie. If specified, then cookies are available on the server and its subdomains. For example, if you set `Domain=.abp.io`, cookies are available on `abp.io` and its subdomains like `community.abp.io`. -If the server does not specify a Domain, the cookies are available on the server but not on its subdomains. Therefore, specifying Domain is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user. +If the server does not specify a **Domain**, the cookies are available on the server but not on its subdomains. Therefore, specifying the **Domain** is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user. ## Change the domain of the cookie in ASP.NET Core -There is a `CookiePolicyMiddleware` in ASP.NET Core, You can add some policies to the `CookiePolicyOptions` during cookies are appended or deleted. +There is a `CookiePolicyMiddleware` in ASP.NET Core, you can add some policies to the `CookiePolicyOptions` during cookies are appended or deleted. -We will add a policy to the `CookiePolicyOptions` to change the `domain` of the cookie. +We will add a policy to the `CookiePolicyOptions` to change the `domain` of the cookie: ```csharp services.Configure(options => @@ -37,7 +37,7 @@ private static void ChangeCookieDomain(AppendCookieContext appendCookieContext, { if (appendCookieContext != null) { - // Change the domain of the all cookies + // Change the domain of all cookies //appendCookieContext.CookieOptions.Domain = ".abp.io"; // Change the domain of the specific cookie @@ -49,7 +49,7 @@ private static void ChangeCookieDomain(AppendCookieContext appendCookieContext, if (deleteCookieContext != null) { - // Change the domain of the all cookies + // Change the domain of all cookies //appendCookieContext.CookieOptions.Domain = ".abp.io"; // Change the domain of the specific cookie @@ -61,7 +61,7 @@ private static void ChangeCookieDomain(AppendCookieContext appendCookieContext, } ``` -Add the `app.UseCookiePolicy()` in the ASP.NET Core pipeline. +Add the `app.UseCookiePolicy()` in the ASP.NET Core pipeline: ```csharp //... @@ -70,7 +70,7 @@ app.UseCookiePolicy(); //... ``` -If you check the HTTP response headers, you will see the `Set-Cookie` header with the `domain` attribute. +If you check the HTTP response headers, you will see the `Set-Cookie` header with the `domain` attribute as follows: ```http Set-Cookie: .AspNetCore.Culture=c%3Den%7Cuic%3Den; expires=Mon, 09 Mar 2026 02:00:00 GMT; domain=.abp.io; path=/ @@ -78,8 +78,8 @@ Set-Cookie: .AspNetCore.Culture=c%3Den%7Cuic%3Den; expires=Mon, 09 Mar 2026 02:0 The subdomains can share the `.AspNetCore.Culture` cookie now. -In another community article we use same middleware to [fix the Chrome login issue for the IdentityServer4](https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n) +In another community article, we use the same middleware to [fix the Chrome login issue for the IdentityServer4](https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n) ## Summary -The `CookiePolicy` middleware provides a way to control cookies in an ASP.NET Core, It very useful if you have more complex requirements for Cookies. +The `CookiePolicy` middleware provides a way to control cookies in an ASP.NET Core, It is very useful if you have more complex requirements for Cookies.