在子域共享ASP.NET饼干 [英] Sharing ASP.NET cookies across sub-domains

问题描述

我有两个网站，都在同一个域，但具有不同的子域。结果
site1.mydomain.com
site2.mydomain.com

I have two sites, both on the same domain, but with different sub-domains.
site1.mydomain.com site2.mydomain.com

在我每个经过身份验证的，我看在后续请求中的cookie，他们为每个站点相同。

Once I'm authenticated on each, I look at the cookies included in subsequent request and they are identical for each site.

不过，如果我登录到第一个站点，然后导航到其他的，我期望从站点1我的cookie与请求SITE2被发送，但事实并非如此。这里是我的cookie的属性。

However, if I log into the first site, and then navigate to the other, I expect my cookie from site 1 to be sent with the request to site2, but this is not the case. Here are the properties of my cookies.

登录到站点1，这个cookie存在，那么

Logging into Site1, this cookie then exists

Name = MySite 
Domain = 
Has Keys = False 
HttpOnly = False 
Path = / 
Value = 1C41854066B03D8CC5679EA92DE1EF427DAC65D1BA0E672899E27C57245C1F0B7E93AB01B5563363AB4815A8F4BDE9D293FD261E03F8E60B8497ABBA964D8D315CCE1C8DD220C7176E21DC361935CF6 
Expires = 1/1/0001 12:00:00 AM 

登录到站点2，这些Cookie，然后存在。

Logging into Site2, these cookies then exists.

Name = MySite 
Domain = 
Has Keys = False 
HttpOnly = False 
Path = / 
Value =    C8C69F87F993166C4D044D33F21ED96463D5E4EB41E1D986BF508DA0CBD5C2CA7D782F59F3BC96871108997E899FF7401C0D8615705BDB353B56C7E164D2302EE6731F41705016105AD99F4E0578ECD2 
Expires = 1/1/0001 12:00:00 AM 

我已经设置在每个域（不要求饼干显示为它只需在客户端上）。
我确信我的形式设定每一个是相同的
我确信我的机器按键设置在两种网络CONFIGS一样的。

I've set the domain on each (doesn't show up in a request cookie as it's only needed on the client). I've made sure my Forms setting for each are identical I've made sure my machine key settings are the same in both web configs.

我在为什么这是行不通的亏损。它是什么，一个cookie包含客户端会的时候都使用相同的身份验证Cookie，都发送一个子域名，而不是其他的，到目前为止，我可以告诉？

I'm at a loss on why this isn't working. What is it that a cookie contains that the client will send it for one sub-domain and not the other when they are both using the same auth cookies so far as I can tell?

请评论，如果有更多的，你想看到的信息。我一直在挣扎这两天。根据这篇文章这应该是工作。

Please comment if there is more info you'd like to see. I've been struggling with this for two days now. According to this article this should be working.

更新： code添加

下面是我的配置文件设置为我的身份验证。这是在两个站点使用。

Here is my config file setting for my authentication. This is used in both sites.

<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn"
       defaultUrl="~/Home/Index"
       name="MySite" 
       protection="All" 
       path="/" 
       domain="mydomain.com" 
       enableCrossAppRedirects="true" 
       timeout="2880" 
/>

这是我的code创建Site1内的cookie。

And here is my code to create the cookie in Site1.

//Add a cookie that the Site2 will use for Authentication
var cookie = FormsAuthentication.GetAuthCookie(userName, true);
cookie.Name = "MySite";
cookie.HttpOnly = false;
cookie.Expires = DateTime.Now.AddHours(24);
cookie.Domain = "mydomain.com"; 
HttpContext.Response.Cookies.Add(cookie);
HttpContext.Response.Redirect(site2Url,true);

更新2：

我发现了一些在测试奇怪。当我添加一个cookie为SITE1的反应，得到它的加入到这个目录...
    C：\\用户\\ jreddy \\应用程序数据\\漫游\\微软\\ WINDOWS \\饼干

I noticed something strange while testing. When I add a cookie to the response for site1, it get's added to this directory... C:\Users\jreddy\AppData\Roaming\Microsoft\Windows\Cookies

当我添加一个cookie来为网站的响应，它被添加到该目录...
    C：\\用户\\ jreddy \\应用程序数据\\漫游\\微软\\ WINDOWS \\饼干\\低

When I add a cookie to the response for site, it gets added to this directory... C:\Users\jreddy\AppData\Roaming\Microsoft\Windows\Cookies\Low

这可能是我的问题。难道说我的网站之一，包括在本地Intranet区域？

That could be my problem. Could it be that one of my sites is included in the local intranet zone?

更新3：发现问题，解决未知
看来，我的问题与本地Intranet区域的我的第二个网站是部分要做。如果我去站点1使用Firefox它的工作原理，但我必须进入我的Windows凭据。如果我去直通IE浏览器，我的凭据会自动回升，但饼干不能SITE2读取。请问这在另外一个问题。

UPDATE 3: Problem found, solution unknown It seems that my problem has to do with my second site being part of the Local Intranet Zone. If I go to Site1 using Firefox it works, but I have to enter my windows credentials. If I go thru IE, my credentials are picked up automatically, but the cookies can't be read by site2. I may ask this in another question.

推荐答案

在两个子域的每个网站设置的Cookie的域名为.mydomain.com来属性。

set the property of Domain to ".mydomain.com" in each Cookies of two subdomains websites

像

Response.Cookies["test"].Value = "some value";
Response.Cookies["test"].Domain = ".mysite.com";

更新1

在网站

HttpCookie hc = new HttpCookie("strName", "value");
hc.Domain = ".mydomain.com"; // must start with "."
hc.Expires = DateTime.Now.AddMonths(3);
HttpContext.Current.Response.Cookies.Add(hc);

在站点B

HttpContext.Current.Request.Cookies["strName"].Value

试用

问候

这篇关于在子域共享ASP.NET饼干的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！