PingFederate identifies persistent authentication sessions by their respective PF.PERSISTENT cookie. By default, the PF.PERSISTENT cookie is set without domain information in the HTTP header; for example:

Set-Cookie: PF.PERSISTENT=UoBlPlf16V2oYAEPot2DnpUOXxitK7au;Path=/;Expires=Sat, 06-Nov-2021 00:48:08 GMT;Max-Age=94608000;Secure;HttpOnly

As needed, you may configure PingFederate to return the Set-Cookie HTTP header with domain information.

  1. Edit the persistent-session-cookie-config.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Modify the cookie-domain element; for example:

    <c:item name="cookie-domain">.example.com</c:item>

  3. Save the change.
  4. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on the System > Cluster Management screen. It is not necessary to restart PingFederate on any running engine node.

Once this change is activated, PingFederate includes domain information in its Set-Cookie HTTP header; for example:

Set-Cookie: PF.PERSISTENT=tOYwPM7VFMeluUyeu0EKQLL0DCJyVOqG;Path=/;Domain=.example.com;Expires=Sat, 06-Nov-2021 01:00:34 GMT;Max-Age=94608000;Secure;HttpOnly