We run a multi-tenant server (e.g. tenant.server.com) that exposes applications (e.g. /app1, /app2, ..)
Each application has its own authentication backend and I need to set session cookie attributes like domain and path per tenant and application.The RestrictAllCookiesToDomain configuration property is not sufficient for this as far as I can tell.
I've had a look at the SS code and tried to get my own ICookies implementation injected. Unfortunately in places like the ListenerResponse constructor a new Cookies class instance is created, instead of resolving my custom implementation. I don't think there is a way to change this with the current codebase.
Am I missing an angle or is this really not possible at the moment?
I'm more than willing to contribute code or send a pull request with a solution if that is needed.
Thanks for your help.
ServiceStack Cookies implementation didn't take into account different subdomains but I've changed all call-sites to resolve
ICookies from the overridable
AppHost.GetCookies() in this commit.
We're currently rebuilding all the projects on CI atm, but will let you know when we have this change on MyGet.
That is one fast reply! Thanks ever so much - I'll keep an eye out for the change.
No problems, this change is now available from v4.5.5 that's now available on MyGet.
Note we're also open to PR's that you need to implement this, but they'll need to backwards compatible and ideally minimally disruptive to the existing code-base.