By default, the PF.PERSISTENT cookie is set without domain information in the HTTP header.

Set-Cookie: PF.PERSISTENT=UoBlPlf16V2oYAEPot2DnpUOXxitK7au;Path=/;Expires=Sat, 06-Nov-2021 00:48:08 GMT;Max-Age=94608000;Secure;HttpOnly

You can configure PingFederate to return the Set-Cookie HTTP header with domain information, as needed.

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/persistent-session-cookie-config.xml file.
  2. Modify the cookie-domain element.

    <c:item name="cookie-domain">.example.com</c:item>

  3. Save the change.
  4. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on System > Server > Cluster Management. You do not have to restart PingFederate on any running engine node.

After you activate this change, PingFederate includes domain information in its Set-Cookie HTTP header.

Set-Cookie: PF.PERSISTENT=tOYwPM7VFMeluUyeu0EKQLL0DCJyVOqG;Path=/;Domain=.example.com;Expires=Sat, 06-Nov-2021 01:00:34 GMT;Max-Age=94608000;Secure;HttpOnly