We run a multi-tenant server (e.g. tenant.server.com) that exposes applications (e.g. /app1, /app2, …)
Each application has its own authentication backend and I need to set session cookie attributes like domain and path per tenant and application.The RestrictAllCookiesToDomain configuration property is not sufficient for this as far as I can tell.
I’ve had a look at the SS code and tried to get my own ICookies implementation injected. Unfortunately in places like the ListenerResponse constructor a new Cookies class instance is created, instead of resolving my custom implementation. I don’t think there is a way to change this with the current codebase.
Am I missing an angle or is this really not possible at the moment?
I’m more than willing to contribute code or send a pull request with a solution if that is needed.
Thanks for your help.