Login to Sitecore 9.1 across multiple subdomains

Jack: 19 May 2022

I am trying to login to Sitecore across multiple domains. I mean, I have two different sites and

is there a way to set the auth cookies at parent domain level, in my case at level and let the user to access both the sites?

I noticed few posts for different Sitecore versions, but the one which we are using is 9.1 and i didn't find any article with Sitecore 9.1.

Sitecore 9.1 is using identity server & Owin authentication mechanism, the old posts and articles uses the legacy way of authentication and didn't work.

Any suggestions will help us.


Oliver: 19 May 2022

Sitecore 9.1 uses the Owin authentication mechanism, in the earlier versions it uses the .Net legacy form authentication mechanism. To enable the virtual login the below steps are followed. Inherited DefaultCookieAuthenticationOptions and passed the domain and other required properties in the constructor.

    public class CustomCookieAuthenticationOptions : DefaultCookieAuthenticationOptions
        public CustomCookieAuthenticationOptions(DefaultCookieAuthenticationProvider provider, ICookieManager cookieManager, AuthenticationTypeResolver authenticationTypeResolver)
            : base(provider, cookieManager, authenticationTypeResolver)
            CookieDomain = "";
            //Based on your requirement you can set the remaining properties
            //CookieSecure = Microsoft.Owin.Security.Cookies.CookieSecureOption.Never;

Injected the above class based on the sample given in the Sitecore document ( Code -

public class MyServicesConfigurator : IServicesConfigurator
        public void Configure(IServiceCollection serviceCollection)
            serviceCollection.AddTransient<DefaultCookieAuthenticationOptions, CustomCookieAuthenticationOptions>();

Config -

            <configurator type= "Test.MyServicesConfigurator, Test.Poc"/>

After the above changes, it sets the cookie at but CORS still failed. I mean when I login from and try to access the page from the domain, I am not able to access the Sitecore context set in [Though both the sites are published from same Sitecore instance]. When further analyzing the issue, looks like the “ASP.NET_SessionId” needs to be at parent domain level i.e. level [to share the similar Sitecore session between and]. So updated the Web.config [Sitecore instance] as below.

<httpCookies httpOnlyCookies="true" requireSSL="false" domain="" />

Now when I login from, all the Sitecore cookies are set at including the “ASP.NET_SessionId”. So my Sitecore context built in is accessible in and this is what I expected.