Best way of passing session between 2 sub-domains with MVC

Question

During the buy process of my ecommerce site that I'm developing in MVC I need to pass the "cart" session to a different subdomain (e.g. http : //www.abc.com to https : //secure.abc.com).

I guess I have to perform the same trick as with webforms where I save all the variables associated with the session to a database, then pass the ID of the database record to the secured subdomain and reload the session using the id supplied.

However with MVC I have a couple of options (I think):

1) Render a form in the non-secured page that posts an ID to the controller (but call the controller using an hard-coded absolute URL (e.g. https://secure.abc.com/nextstep

2) Post back the ID to my non-secured controller and then have the controller return a view that is secured (is that possible).

Is there a better way?

Answer 1

Even an easier way if you make sure it won't affect the security, is to allow the cookie to be shared on the domain, instead of the subdomain only. I come from a PHP background, wouldn't know how to do this in .net

Answer 2

I did it through cookies in order to solve the sub domian problem

You can save your data into cookies something like this:

HttpCookie cookies = new HttpCookie("Name");
cookies["data"] = yourdata;
cookies.Domian = ".abc.com"

Then your data info can be shared across sub domains