为什么默认的ASP.NET窗体身份验证Cookie有它的主要时期的默认名称=> " .ASPXAUTH" [英] Why does the default ASP.NET Forms Authentication Cookie have a leading period in it's default name => ".ASPXAUTH"
问题描述
默认的<一个href="http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.formscookiename.aspx">ASP.NET窗体身份验证Cookie设置它的名字为 .ASPXAUTH 。请注意,第一个字符是期?对此有一个特别的原因?像,这是否会对域名或子目标域的影响。
the default ASP.NET Forms Authentication cookie sets it's name as ".ASPXAUTH". Notice the first character is a period? Is there a particular reason for this? Like, does this have an impact on domain names or subdomains for the target domain.
抑或是纯粹的一些随机的东西的MS dev的人想出了(也许助阵饼干的顺序,当他们调试或东西..文本与周期其他字符串之前prolly获得上市)?
Or is it purely some random thing an MS dev person came up with (maybe to help out the ordering of the cookies, when they were debugging or something .. as text with periods prolly get listed before other strings)?
推荐答案
我无法找到sajoshi提到的两个点的要求,但我没有找到这对HTTP规范RFC2109。
I was unable to find the "two dots" requirement that sajoshi mentioned, but I did find this on the HTTP specification rfc2109.
域=域名 可选。域属性指定该域 cookie是有效的。显式指定的域必须始终启动 以一个点。
Domain=domain Optional. The Domain attribute specifies the domain for which the cookie is valid. An explicitly specified domain must always start with a dot.
该部分的 4.2.2设置Cookie语法。我不知道有一个点的要求,在所有前sajoshi的帖子,让我看着它,但似乎他是说对了一半。如果有人给它仔细阅读,并能指出什么我已经错过了,请做。
http://www.w3.org/Protocols/rfc2109/rfc2109
The section is 4.2.2 Set-Cookie Syntax. I did not know there was a dot requirement at all before sajoshi's post, so I looked it up, but it seems that he was half right. If someone gives it a closer reading and can point out anything I've missed, please do.
我做了查找4.3.3节的
的请求主机是一个的FQDN(未IP地址)和具有形式HD中,其中D是域属性的值,和H是包含一个或多个点的字符串。
The request-host is a FQDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
(FQDN是一个完全合格的域名)
(FQDN is a Fully Qualified Domain Name)
一个Set-Cookie从请求主机yxfoo.com的域名= .foo.com将被拒绝,因为H是YX,并包含一个圆点
A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot
和
设置Cookie的请求主机x.foo.com的域名= .foo.com将被接受。
Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted.
所以,这似乎是一个cookie域至少需要两个点,如果它是在域名惠而不贵的名字。但是,ASPNET身份验证cookie是不是这样做的,所以这就是为什么只需要一个点。
So, it seems like a Cookie domain would require at least two dots if it were basing its name on the domain name. However, the aspnet authentication cookie isn't doing this, so that's why it only requires one dot.
这篇关于为什么默认的ASP.NET窗体身份验证Cookie有它的主要时期的默认名称=&GT; &QUOT; .ASPXAUTH&QUOT;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
