跨域Cookie访问(或会话) [英] Cross domain cookie access (or session)
问题描述
虽然我知道这通常与跨站点脚本攻击,我不知道是怎么可以在会话整个属于一个域(例如多个子仍然有效:在一次用户登录,并能与同一个会话访问两个subdomain1.domain.com和subdomain2.domain.com)。我想我首先需要了解它是如何工作的,但到目前为止,我一直没能找到很多,这将是任何意义的。
While I realise that this is usually related to cross site scripting attacks, what I'm wondering is how can a session remain valid throughout multiple subdomains belonging to a single domain (example: a user logging in only once, and being able to access both subdomain1.domain.com and subdomain2.domain.com with the same session). I guess I first need to understand how it works, but so far I haven't been able to find much that would be of any relevance.
不过话又说回来,也许我不是问正确的问题。
But then again, maybe I wasn't asking the right question.
在此先感谢:)
推荐答案
INPROC会话不能保持有效,但您可以code你的web应用程序,允许跨多个子域的cookies。您需要设置域名等于:
Inproc sessions cannot remain valid, however you can code your web application to allow cookies across multiple subdomains. You will need to set the domain equal to:
Response.Cookies("CookieName").Domain = ".mydomain.com"
这篇关于跨域Cookie访问(或会话)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
