跨域 cookie 访问(或会话) [英] Cross domain cookie access (or session)
问题描述
虽然我意识到这通常与跨站点脚本攻击有关,但我想知道一个会话如何在属于单个域的多个子域中保持有效(例如:用户只登录一次,并且能够使用同一会话访问 subdomain1.domain.com 和 subdomain2.domain.com).我想我首先需要了解它是如何工作的,但到目前为止我还没有找到任何相关的东西.
While I realise that this is usually related to cross site scripting attacks, what I'm wondering is how can a session remain valid throughout multiple subdomains belonging to a single domain (example: a user logging in only once, and being able to access both subdomain1.domain.com and subdomain2.domain.com with the same session). I guess I first need to understand how it works, but so far I haven't been able to find much that would be of any relevance.
但话说回来,也许我没有问对问题.
But then again, maybe I wasn't asking the right question.
提前致谢:)
推荐答案
Inproc 会话不能保持有效,但是您可以编写 Web 应用程序以允许跨多个子域的 cookie.您需要将域设置为:
Inproc sessions cannot remain valid, however you can code your web application to allow cookies across multiple subdomains. You will need to set the domain equal to:
Response.Cookies("CookieName").Domain = ".mydomain.com"
这篇关于跨域 cookie 访问(或会话)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!