Wondering if it is possible for my claims aware application (ASP.NET) to save a cookie that can be read by the ADFS Service (ASP.NET also). This is so I can give it the URN of a specific client at the time of the SSO based on the subdomain. However I am not sure if a website can read cookies from a different website or not.
views:
178answers:
1
+1
A:
I think it's possible, but only when both webapplications are on the same domain. The following question, and especially the marked answer, handles a similar question:
http://stackoverflow.com/questions/444018/sync-cookies-and-sessions-in-different-subdomains-asp-net
If it were possible to do it with different domains, that would be a huge security risk. Then your cookies would be readable by any other website you visit. So I don't think that's possible. But if I'm wrong, someone please correct me on this one.
Further information @ MSDN: http://msdn.microsoft.com/en-us/library/ms178194.aspx. See the section called Limiting Cookie Domain Scope.
Cloud
2009-04-28 17:54:23