question

jasonhernandez-1063 avatar image
0 Votes"
jasonhernandez-1063 asked CristianSPIRIDON72 answered

Authenticating multiple application on same domain

We are migrating several legacy asp.net application to azure ad. Each app has its own app registration, users and sessions
www.example.com/ABC/
www.example.com/ADE/
www.example.com/MBC/

During testing we are running into a lot of issues with nonces and cookies, and I notice that the cookies appear to be scoped to www.example.com. Is there an issue sharing the same domain across multiple applications? Do we need to change our app urls to something like:

abc.example.com/
ade.example.com/
mbc.example.com/

azure-ad-authentication
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CristianSPIRIDON72 avatar image
0 Votes"
CristianSPIRIDON72 answered

Hi,

You can customize the scope of the cookies but this is not the default behaviour of working with cookies. The default behaviour is the scope to be the FDQN of the server.

Would be better to have different FDQNs for your web apps like you suggested.

Hope this helps!

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.