跨子域共享 ASP.NET cookie [英] Sharing ASP.NET cookies across sub-domains

问题描述

我有两个站点，都在同一个域中，但具有不同的子域.
site1.mydomain.comsite2.mydomain.com

I have two sites, both on the same domain, but with different sub-domains.
site1.mydomain.com site2.mydomain.com

在对每个站点进行身份验证后，我会查看后续请求中包含的 cookie，它们对于每个站点都是相同的.

Once I'm authenticated on each, I look at the cookies included in subsequent request and they are identical for each site.

但是，如果我登录第一个站点，然后导航到另一个站点，我希望我的站点 1 的 cookie 与请求一起发送到站点 2，但事实并非如此.这是我的 cookie 的属性.

However, if I log into the first site, and then navigate to the other, I expect my cookie from site 1 to be sent with the request to site2, but this is not the case. Here are the properties of my cookies.

登录Site1，这个cookie就存在了

Logging into Site1, this cookie then exists

Name = MySite 
Domain = 
Has Keys = False 
HttpOnly = False 
Path = / 
Value = 1C41854066B03D8CC5679EA92DE1EF427DAC65D1BA0E672899E27C57245C1F0B7E93AB01B5563363AB4815A8F4BDE9D293FD261E03F8E60B8497ABBA964D8D315CCE1C8DD220C7176E21DC361935CF6 
Expires = 1/1/0001 12:00:00 AM 

登录到 Site2，这些 cookie 就会存在.

Logging into Site2, these cookies then exists.

Name = MySite 
Domain = 
Has Keys = False 
HttpOnly = False 
Path = / 
Value =    C8C69F87F993166C4D044D33F21ED96463D5E4EB41E1D986BF508DA0CBD5C2CA7D782F59F3BC96871108997E899FF7401C0D8615705BDB353B56C7E164D2302EE6731F41705016105AD99F4E0578ECD2 
Expires = 1/1/0001 12:00:00 AM 

我已经在每个域上设置了域(没有出现在请求 cookie 中，因为它只在客户端上需要).我已确保每个表单的设置都相同我已确保我的机器密钥设置在两个 Web 配置中相同.

I've set the domain on each (doesn't show up in a request cookie as it's only needed on the client). I've made sure my Forms setting for each are identical I've made sure my machine key settings are the same in both web configs.

我不知道为什么这不起作用.据我所知，当客户端都使用相同的身份验证 cookie 时，cookie 包含的内容是什么，客户端会将其发送到一个子域而不是另一个子域?

I'm at a loss on why this isn't working. What is it that a cookie contains that the client will send it for one sub-domain and not the other when they are both using the same auth cookies so far as I can tell?

如果您想查看更多信息，请发表评论.我已经为此苦苦挣扎了两天了.根据这篇文章，这应该可以工作.

Please comment if there is more info you'd like to see. I've been struggling with this for two days now. According to this article this should be working.

更新:添加了代码

这是我的身份验证配置文件设置.这在两个站点中都使用.

Here is my config file setting for my authentication. This is used in both sites.

<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn"
       defaultUrl="~/Home/Index"
       name="MySite" 
       protection="All" 
       path="/" 
       domain="mydomain.com" 
       enableCrossAppRedirects="true" 
       timeout="2880" 
/>

这是我在 Site1 中创建 cookie 的代码.

And here is my code to create the cookie in Site1.

//Add a cookie that the Site2 will use for Authentication
var cookie = FormsAuthentication.GetAuthCookie(userName, true);
cookie.Name = "MySite";
cookie.HttpOnly = false;
cookie.Expires = DateTime.Now.AddHours(24);
cookie.Domain = "mydomain.com"; 
HttpContext.Response.Cookies.Add(cookie);
HttpContext.Response.Redirect(site2Url,true);

更新 2:

我在测试时发现了一些奇怪的东西.当我向站点 1 的响应添加 cookie 时，它​​会被添加到此目录中...C:UsersjreddyAppDataRoamingMicrosoftWindowsCookies

I noticed something strange while testing. When I add a cookie to the response for site1, it get's added to this directory... C:UsersjreddyAppDataRoamingMicrosoftWindowsCookies

当我向站点的响应添加 cookie 时，它​​会被添加到此目录中...C:UsersjreddyAppDataRoamingMicrosoftWindowsCookiesLow

When I add a cookie to the response for site, it gets added to this directory... C:UsersjreddyAppDataRoamingMicrosoftWindowsCookiesLow

那可能是我的问题.会不会是我的一个站点包含在本地 Intranet 区域中?

That could be my problem. Could it be that one of my sites is included in the local intranet zone?

更新 3: 发现问题，解决方案未知我的问题似乎与我的第二个站点是本地 Intranet 区域的一部分有关.如果我使用 Firefox 访问 Site1，它可以工作，但我必须输入我的 Windows 凭据.如果我通过 IE，我的凭据会自动获取，但 cookie 无法被 site2 读取.我可能会在另一个问题中问这个.

UPDATE 3: Problem found, solution unknown It seems that my problem has to do with my second site being part of the Local Intranet Zone. If I go to Site1 using Firefox it works, but I have to enter my windows credentials. If I go thru IE, my credentials are picked up automatically, but the cookies can't be read by site2. I may ask this in another question.

推荐答案

在两个子域名网站的每个Cookies中设置Domain的属性为.mydomain.com"

set the property of Domain to ".mydomain.com" in each Cookies of two subdomains websites

喜欢

Response.Cookies["test"].Value = "some value";
Response.Cookies["test"].Domain = ".mysite.com";

更新 1

在网站

HttpCookie hc = new HttpCookie("strName", "value");
hc.Domain = ".mydomain.com"; // must start with "."
hc.Expires = DateTime.Now.AddMonths(3);
HttpContext.Current.Response.Cookies.Add(hc);

在站点 B

HttpContext.Current.Request.Cookies["strName"].Value

试试

问候

这篇关于跨子域共享 ASP.NET cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！