Unable to log out after removing <httpCookies> header in web.config


I am using ASP.NET MVC for my web site. Previously I added the common header below in the web.config file:

<httpCookies domain="test.sample.com"  httpOnlyCookies="false" requireSSL="true" />

I am using another domain for my web site, test.sample.de.

My problem is that, since I provided the domain as test.sample.com in the httpCookies header, I am not able to log in to the test.sample.de domain.

So now I have removed the domain from the httpCookies header as follows:

<httpCookies httpOnlyCookies="false" requireSSL="true" />

Now the login is working fine in the test.sample.de domain, but an already logged-in user in the test.sample.com domain is unable to log out. After clearing the cookies, the login and logout functions work fine. This issue reproduces only for the users who had already logged in when I made these changes. For new users, this is working fine.

Below is the signout code I have used:

FormsAuth.SignOut();
Session.RemoveAll();

Now, what should I do to fix this issue? Can I add multiple domain support in the httpCookies header, or what fix do I need to give for my already logged-in users, other than asking them to clear their cookies?


There are 0 answers
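
The following is an added example, not part of the original question and not code from the asker's project. Browsers treat a cookie set with `Domain=test.sample.com` and a host-only cookie of the same name as two separate cookies, so a sign-out that only expires the host-only one leaves the older domain-scoped cookie in place. The sketch assumes `FormsAuth.SignOut()` in the question wraps `FormsAuthentication.SignOut()` and that the session cookie uses its default name; `LegacySignOut` and its members are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. LegacyCookieDomain is the value the question says was
// removed from <httpCookies>; the helper and its names are hypothetical.
public static class LegacySignOut
{
    private const string LegacyCookieDomain = "test.sample.com";

    public static void SignOutEverywhere(HttpContextBase context)
    {
        // Expires the cookie as the current config shapes it: no Domain
        // attribute, so the browser matches it to the host-only cookie.
        FormsAuthentication.SignOut();
        context.Session.RemoveAll();

        // A browser only accepts a Domain attribute that matches the host
        // it is talking to, so there is nothing to send on test.sample.de.
        string host = context.Request.Url.Host;
        if (!DomainMatches(host, LegacyCookieDomain)) return;

        // The older domain-scoped copies need their own expired Set-Cookie
        // carrying the same name, domain and path they were issued with.
        ExpireLegacy(context.Response, FormsAuthentication.FormsCookieName,
                     FormsAuthentication.FormsCookiePath);
        ExpireLegacy(context.Response, "ASP.NET_SessionId", "/"); // assumed default name
    }

    private static bool DomainMatches(string host, string domain)
    {
        return host.Equals(domain, StringComparison.OrdinalIgnoreCase)
            || host.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase);
    }

    private static void ExpireLegacy(HttpResponseBase response, string name, string path)
    {
        var expired = new HttpCookie(name, string.Empty)
        {
            Domain = LegacyCookieDomain,
            Path = path,
            Expires = DateTime.UtcNow.AddYears(-1),
            Secure = true,   // matches requireSSL="true" from the question
            HttpOnly = true
        };
        // Add (not Set) keeps the expired cookie written by SignOut() as well.
        response.Cookies.Add(expired);
    }
}
```

Called from the sign-out action as `LegacySignOut.SignOutEverywhere(HttpContext)`, this can be dropped once every cookie issued under the old configuration has expired.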