This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 30%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
We are migrating several legacy asp.net application to azure ad. Each app has its own app registration, users and sessions
www.example.com/ABC/
www.example.com/ADE/
www.example.com/MBC/
During testing we are running into a lot of issues with nonces and cookies, and I notice that the cookies appear to be scoped to www.example.com. Is there an issue sharing the same domain across multiple applications? Do we need to change our app urls to something like:
abc.example.com/
ade.example.com/
mbc.example.com/
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
You can customize the scope of the cookies but this is not the default behaviour of working with cookies. The default behaviour is the scope to be the FDQN of the server.
Would be better to have different FDQNs for your web apps like you suggested.
Hope this helps!