跨域 cookie 访问(或会话) [英] Cross domain cookie access (or session)

问题描述

虽然我意识到这通常与跨站点脚本攻击有关，但我想知道一个会话如何在属于单个域的多个子域中保持有效(例如:用户只登录一次，并且能够使用同一会话访问 subdomain1.domain.com 和 subdomain2.domain.com).我想我首先需要了解它是如何工作的，但到目前为止我还没有找到任何相关的东西.

While I realise that this is usually related to cross site scripting attacks, what I'm wondering is how can a session remain valid throughout multiple subdomains belonging to a single domain (example: a user logging in only once, and being able to access both subdomain1.domain.com and subdomain2.domain.com with the same session). I guess I first need to understand how it works, but so far I haven't been able to find much that would be of any relevance.

但话说回来，也许我没有问对问题.

But then again, maybe I wasn't asking the right question.

提前致谢:)

推荐答案

Inproc 会话不能保持有效，但是您可以编写 Web 应用程序以允许跨多个子域的 cookie.您需要将域设置为:

Inproc sessions cannot remain valid, however you can code your web application to allow cookies across multiple subdomains. You will need to set the domain equal to:

Response.Cookies("CookieName").Domain = ".mydomain.com"

记住句号.

这篇关于跨域 cookie 访问(或会话)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！