PingFederate identifies sessions by their respective PF cookie. By default, the PF cookie is set without domain information in the HTTP header; for example:

Set-Cookie: PF=zOv4xxmzDI2rx1TFBFy78X;Path=/;Secure;HttpOnly

As needed, you may configure PingFederate to return the Set-Cookie HTTP header with domain information.

  1. Edit the session-cookie-config.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Modify the cookie-domain element; for example:

    <c:item name="cookie-domain">.example.com</c:item>

  3. Save the change.
  4. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on the System > Cluster Management screen. It is not necessary to restart PingFederate on any running engine node.

Once this change is activated, PingFederate includes domain information in its Set-Cookie HTTP header; for example:

Set-Cookie: PF=aDfPx6uwbbWGFhwE6zEhEG;Path=/;Domain=.example.com;Secure;HttpOnly