Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

MSAL Auth: Cookie Domain

The cookieDomain property controls the Domain attribute applied to all Set-Cookie headers generated by the handler.

Configuration Options

cookieDomain: localhost

or

cookieDomain: .mycompany.com

Usage

The Domain attribute tells the browser which hosts are allowed to receive the cookie.

  • If you specify a host without a leading dot (e.g., localhost or api.mycompany.com), the browser will only send the cookie to that exact domain.
  • If you specify a domain with a leading dot (e.g., .mycompany.com), the browser will send the cookie to that domain and all of its subdomains (e.g., app.mycompany.com, admin.mycompany.com).

Note: If the domain is misconfigured or doesn’t match the URL you are using to access the gateway, the browser will refuse to save the cookie entirely.