FormsAuthentication Cookie Name and Domain - General Discussions - General Discussions - Progress Community
 General Discussions

FormsAuthentication Cookie Name and Domain

  • FormsAuthentication Cookie Name and Domain
  • 1.  Is it possible to change the name of the forms authentication cookie that Sitefinity 4.0 uses?

    2.  Is it possible to set the cookie at the domain level - rather than at the host level?

    I would like the SF authentication cookie to be shared with other sites on the same domain.  I am accustomed to accomplishing this with a <forms.../> element in the web.config - something along the lines of:

    <authentication mode="Forms">
      <forms
        name=".CustomCookieName"
        loginUrl="login.aspx"
        domain=".somedomain.com"
        enableCrossAppRedirects="true" />
    </authentication>

    I have read in other posts that the official Sitefinity 4.0 release, later this month, will have SSO functionality.  Interested to hear whether this release wil answer my question or not.
  • Hi Valerie,

    You can change the name of the Authentication cookie and HttpCookie.Domain from Sitefinity >> Administration >> Settings >> Advanced >> Security.

    By default AuthCookieDomain is set to an empty string. The AuthCookieName is .SFAUTH

    Sitefinity uses its own security mode and generally we get all settings from our configuration files located under App_Data/Sitefinity/Configuration folder.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Great - very simple to change the cookie name and domain.  Thanks Ivan!
  • I want to change the domain of .ASPXAUTH cookie. How should I do it from Sitefinity end?