dotnet · guardrex · Jul 24, 2018 · Jul 24, 2018 · Jul 24, 2018 · Jul 24, 2018
diff --git a/aspnetcore/security/cookie-sharing.md b/aspnetcore/security/cookie-sharing.md
@@ -45,6 +45,12 @@ In the `ConfigureServices` method, use the [ConfigureApplicationCookie](/dotnet/
 
 Data protection keys and the app name must be shared among apps. In the sample apps, `GetKeyRingDirInfo` returns the common key storage location to the [PersistKeysToFileSystem](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.persistkeystofilesystem) method. Use [SetApplicationName](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.setapplicationname) to configure a common shared app name (`SharedCookieApp` in the sample). For more information, see [Configuring Data Protection](xref:security/data-protection/configuration/overview).
 
+When hosting apps that share cookies across subdomains, specify a common domain in the [Cookie.Domain](/dotnet/api/microsoft.aspnetcore.http.cookiebuilder.domain) property. To share cookies across apps at `contoso.com`, such as `first_subdomain.contoso.com` and `second_subdomain.contoso.com`, specify the `Cookie.Domain` as `.contoso.com`:
+
+```csharp
+options.Cookie.Domain = ".contoso.com";
+```
+
 See the *CookieAuthWithIdentity.Core* project in the [sample code](https://github.com/aspnet/Docs/tree/master/aspnetcore/security/cookie-sharing/sample/) ([how to download](xref:tutorials/index#how-to-download-a-sample)).
 
 # [ASP.NET Core 1.x](#tab/aspnetcore1x/)
@@ -83,7 +89,13 @@ When using cookies directly:
 
 [!code-csharp[](cookie-sharing/sample/CookieAuth.Core/Startup.cs?name=snippet1)]
 
-Data protection keys and the app name must be shared among apps. In the sample apps, `GetKeyRingDirInfo` returns the common key storage location to the [PersistKeysToFileSystem](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.persistkeystofilesystem) method. Use [SetApplicationName](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.setapplicationname) to configure a common shared app name (`SharedCookieApp` in the sample). For more information, see [Configuring Data Protection](xref:security/data-protection/configuration/overview). 
+Data protection keys and the app name must be shared among apps. In the sample apps, `GetKeyRingDirInfo` returns the common key storage location to the [PersistKeysToFileSystem](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.persistkeystofilesystem) method. Use [SetApplicationName](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions.setapplicationname) to configure a common shared app name (`SharedCookieApp` in the sample). For more information, see [Configuring Data Protection](xref:security/data-protection/configuration/overview).
+
+When hosting apps that share cookies across subdomains, specify a common domain in the [Cookie.Domain](/dotnet/api/microsoft.aspnetcore.http.cookiebuilder.domain) property. To share cookies across apps at `contoso.com`, such as `first_subdomain.contoso.com` and `second_subdomain.contoso.com`, specify the `Cookie.Domain` as `.contoso.com`:
+
+```csharp
+options.Cookie.Domain = ".contoso.com";
+```
 
 See the *CookieAuth.Core* project in the [sample code](https://github.com/aspnet/Docs/tree/master/aspnetcore/security/cookie-sharing/sample/) ([how to download](xref:tutorials/index#how-to-download-a-sample)).
 

diff --git a/aspnetcore/security/cookie-sharing/sample/README.md b/aspnetcore/security/cookie-sharing/sample/README.md
@@ -4,9 +4,9 @@ The sample illustrates cookie sharing across three apps that use cookie authenti
 
 | Project                             | Description |
 | ----------------------------------- | ----------- |
-| CookieAuth.Core                     | ASP.NET Core 2.0 Razor Pages app without using ASP.NET Core Identity |
-| CookieAuthWithIdentity.Core         | ASP.NET Core 2.0 MVC app with ASP.NET Core Identity |
-| CookieAuthWithIdentity.NETFramework | ASP.NET Framework 4.6.1 MVC app with ASP.NET Identity |
+| CookieAuth.Core                     | ASP.NET Core Razor Pages app without using ASP.NET Core Identity |
+| CookieAuthWithIdentity.Core         | ASP.NET Core MVC app with ASP.NET Core Identity |
+| CookieAuthWithIdentity.NETFramework | ASP.NET Framework MVC app with ASP.NET Identity |
 
 Instructions: