Session is not working on IIS with CORS about session HOT 10 CLOSED

Could you share a sample repro project?

from session.

thanks for reply i am following this https://github.com/aspnet/MusicStore
this is the code where session is created

private static string GetCartId(HttpContext context)
        {
            var cartId = context.Session.GetString("Session");

            if (cartId == null)
            {
                //A GUID to hold the cartId. 
                cartId = Guid.NewGuid().ToString();

                // Send cart Id as a cookie to the client.
                context.Session.SetString("Session", cartId);
            }

            return cartId;
        }

but tis not working on CORS i am getting cookie in response header but its not set in browser .
everytime it just send me new set cookie in response header , the cookie is never set ,it may be stupid to ask but i am not sure, is it cors related or i have add any cookiedomain or something so it can work with any domain... I am also using angular2 as client

from session.

What is your CORS policy? Some CORS policies do not allow cookies.

from session.

@Tratcher as for now i have allowed everything in CORS , anyways after researching a lot i found cookies wont work on cross domain for security reasons. anyways i will get the app on subdomain , will test and close the issue

from session.

well its not working on subdomains either this is the response header
Set-Cookie:.mysession.Session=e506554c-34b1-8990-de71-a9d12cd4a3ff; domain=.mydomain.com; path=/; httponly

my session config

services.AddSession(options =>
            {
                options.CookieName = ".mysession.Session";
                options.IdleTimeout = TimeSpan.FromSeconds(20);
                options.CookieDomain = ".mydomain.com";
                           });

my CORS policy

 services.AddCors(options =>
            {
                options.AddPolicy("AllowndSTFU",
                    builder => builder.AllowAnyOrigin()
                                     .AllowAnyMethod()
                                     .AllowCredentials()
                                    .AllowAnyHeader());
            });

its generating cookie from backend.mydomain.com and i need to access it on app.mydomain.com

from session.

(not directly related, but it looks like you're still using RC2, you should move to 1.0).

from session.

This issue was moved to aspnet/CORS#81

from session.

not working even after updating...

from session.

@devilsuraj Can you be more specific?

from session.

@davidfowl i have a frontend app (angular2) hosted on app.mydomain.com i am making xhr calls to back.mydomain.com where .net backend app is hosted so when i need to maintain session between users and backend i am using code mentioned in my previous comments . it works if app and backend are both on same server but with CORS i.e. in my case on different domain it fails to create session cookie . its there in response header but not being created so i am not able to maintain session so my app is not working . hope it explains....

It should work if i mention the domain name option of session ... but now this issue has been moved to CORS . howver no one is responding there :(

from session.