Sharing ASP.NET cookies across sub-domains

野趣味 2020-12-01 03:47

I have two sites, both on the same domain, but with different sub-domains.
site1.mydomain.com site2.mydomain.com

Once I'm authenticated on each, I look at the c

4 answers
  • 2020-12-01 04:11

    If you're using Forms authentication on all of your sub-domains, all you need to do is add the domain=".mydomain.com" property to the <forms> node in your web.config.

    Note the leading period in .mydomain.com.

    This simple change by itself will make your authentication cookie valid in all sub-domains; no need to manually set any cookies.

  • 2020-12-01 04:18

    Set the Domain property to ".mydomain.com" on each cookie in both sub-domain websites,

    like this:

    Response.Cookies["test"].Value = "some value";
    Response.Cookies["test"].Domain = ".mysite.com";
    

    UPDATE 1

    In Site A

    HttpCookie hc = new HttpCookie("strName", "value");
    hc.Domain = ".mydomain.com"; // must start with "."
    hc.Expires = DateTime.Now.AddMonths(3);
    HttpContext.Current.Response.Cookies.Add(hc);
    

    In Site B

    string value = HttpContext.Current.Request.Cookies["strName"]?.Value; // null when the cookie was not sent
    

    Try It

    Regards

  • 2020-12-01 04:22

    Add a new cookie and specify the domain like this:

    HttpCookie cookie = new HttpCookie("cookiename", "value");
    cookie.Domain = "domain.com";
    

    For forms authentication, set this in web.config:

    <forms name=".ASPXAUTH" 
           loginUrl="login.aspx" 
           protection="All" 
           timeout="30" 
           path="/" 
           requireSSL="false" 
           domain="domain.com">
    </forms>
    

    The cookie will be accessible to all the subdomains.

    In order for each domain to decrypt the cookie, all web.config files must use the same encryption/decryption algorithm and key. (how to create a machine key)

    Example:

    <!-- do not wrap these values like this in the web.config;
         only wrapping for code visibility on SO -->
    <machineKey  
      validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75
                     D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281
                     B"             
      decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719
                     F"
      validation="SHA1"
      decryption="AES"
    />
    

    For easier deployments, these values can be stored in a separate file:

    <machineKey configSource="machinekey.config"/>
    

    For added security, you can also encrypt the machine key for further protection.

  • 2020-12-01 04:28

    I've created an HttpContext extension method that will write a sub-domain-safe cookie.

    Blog post and discussion

    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    public static class HttpContextBaseExtenstions
    {
        public static void SetSubdomainSafeCookie(this HttpContextBase context, string name, string value)
        {
            var domain = String.Empty;

            if (context.Request.IsLocal)
            {
                // Local request: drop the first host label and prefix the rest with a dot
                var domainSegments = context.Request.Url.Host.Split('.');
                domain = "." + String.Join(".", domainSegments.Skip(1));
            }
            else
            {
                // Non-local request: use the full request host as the cookie domain
                domain = context.Request.Url.Host;
            }

            var cookie = new HttpCookie(name, value)
            {
                Domain = domain
            };

            context.Response.SetCookie(cookie);
        }
    }

    // usage
    public class MyController : Controller
    {
        public ActionResult Index()
        {
            // Controller exposes the current HttpContextBase as HttpContext
            this.HttpContext.SetSubdomainSafeCookie("id", Guid.NewGuid().ToString());
            return View();
        }
    }
    
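
A variant of the helper approach that takes the parent domain from a fixed constant instead of deriving it from the request host, and sets HttpOnly and Secure, since a Domain-scoped cookie is sent to every sub-domain. This is an added example, not code from any of the answers; `SharedCookieExtensions`, `SetSharedCookie`, `IsUnderParent` and the `ParentDomain` constant are assumed names.

```csharp
using System;
using System.Web;

// Added example: all type and member names here are hypothetical.
public static class SharedCookieExtensions
{
    // Assumption: the parent domain is fixed in code or config and never
    // taken from the request, because the request host name is client-supplied.
    private const string ParentDomain = "mydomain.com";

    // True when host is the parent domain itself or ends with ".<parent>".
    // The dot boundary keeps a host like "evil-mydomain.com" from matching.
    public static bool IsUnderParent(string host, string parent)
    {
        if (string.IsNullOrEmpty(host)) return false;
        host = host.TrimEnd('.');
        return host.Equals(parent, StringComparison.OrdinalIgnoreCase)
            || host.EndsWith("." + parent, StringComparison.OrdinalIgnoreCase);
    }

    public static void SetSharedCookie(this HttpContextBase context,
                                       string name, string value)
    {
        var host = context.Request.Url.Host;
        var cookie = new HttpCookie(name, value)
        {
            HttpOnly = true,                              // not readable from script
            Secure = context.Request.IsSecureConnection,  // HTTPS-only when served over HTTPS
            Path = "/"
        };

        // Widen the scope only when the request is for one of our own hosts;
        // otherwise leave Domain unset so the cookie stays host-only.
        if (IsUnderParent(host, ParentDomain))
        {
            cookie.Domain = "." + ParentDomain;
        }

        context.Response.Cookies.Add(cookie);
    }
}
```

Called as `this.HttpContext.SetSharedCookie("id", value)` from a controller, a request for site1.mydomain.com gets a cookie scoped to .mydomain.com, while a request with an unexpected host gets a host-only cookie.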