跨域cookie访问（或会话） [英] Cross domain cookie access (or session)

问题描述

虽然我意识到这通常与跨站点脚本攻击相关，但我想知道的是，会话如何在属于单个域的多个子域中保持有效（例如：用户只登录一次，并且能够在同一会话中访问subdomain1.domain.com和subdomain2.domain.com）。我想我首先需要了解它是如何工作的，但到目前为止我还是找不到任何相关的东西。

While I realise that this is usually related to cross site scripting attacks, what I'm wondering is how can a session remain valid throughout multiple subdomains belonging to a single domain (example: a user logging in only once, and being able to access both subdomain1.domain.com and subdomain2.domain.com with the same session). I guess I first need to understand how it works, but so far I haven't been able to find much that would be of any relevance.

但是再次，也许我不是在问正确的问题。

But then again, maybe I wasn't asking the right question.

提前感谢：）

推荐答案

Inproc会话无法保持有效，但您可以对Web应用程序进行编码，以允许跨多个子域的Cookie。您将需要将域设置为：

Inproc sessions cannot remain valid, however you can code your web application to allow cookies across multiple subdomains. You will need to set the domain equal to:

Response.Cookies("CookieName").Domain = ".mydomain.com"

记住句点。

这篇关于跨域cookie访问（或会话）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！