Asp. NET cookie cross-domain problem and solution code

Asp. NET cookie cross-domain problem and solution code

Http://www.liyumei.net.cn/post/share18.html

Cookie Disclosure

Http://www.cnblogs.com/zhangziqiu/archive/2009/08/06/cookies-javascript-aspnet.html

recently encountered a very difficult problem in the development of the project, a user in the top-level domain login, jump to their own level two domain name management level Two site, the cookie is lost, has been looking for a solution to find a full two days, Baidu Google a lot, and ultimately still no solution. Although the result is not satisfied, but the last thing to learn is still there, at least some people think that can solve the problem of the method (although not in my own project). The following it blog shares a common and most recognized approach and solves the code. As we all know, by default, a cookie is associated with a specific domain. For example, the IT blog site is www.liyumei.net.cn, so when a user requests a page from that site, the cookie is sent to the server. (except for cookies with a specific path value).   If our site has subdomains (for example, liyumei.net.cn, a.liyumei.net.cn, and b.liyumei.net.cn), to have cookies associated with a specific subdomain, we need to set the domain property of the cookie as follows: Response.Cookies ("Domain"). Value =DateTime.Now.ToString Response.Cookies ("Domain"). Expires = DateTime.Now.AddDays (1) Response.Cookies ("Domain"). Domain ="b.liyumei.net.cn"If you set up the domain in this way, the cookie can only be used to specify pages in the subdomain. Of course we can also use the Domain property to create cookies that can be shared across multiple subdomains. For example, set the following settings for a domain: Response.Cookies ("Domain"). Value =DateTime.Now.ToString Response.Cookies ("Domain"). Expires = DateTime.Now.AddDays (1) Response.Cookies ("Domain"). Domain ="liyumei.net.cn"This allows the Cookie to be used for the primary domain, a.liyumei.net.cn, and b.liyumei.net.cn. The following is the creation of a cross-domain cookie that can implement cookies under the same root domain as: www.liyumei.net.cn, all two-level domains under this root domain can share cookies, Public Static BOOLCreatecookie (stringStrcookiename,stringStrcookievalue,stringStrdomain,BOOLBlurlencode) {if(blurlencode) {Strcookievalue=System.Web.HttpContext.Current.Server.UrlEncode (Strcookievalue); } HttpCookie Objcookie=NewHttpCookie (Strcookiename, Strcookievalue); Objcookie.domain= Strdomain;//set the domain name of the cookieSystem.Web.HttpContext.Current.Response.Cookies.Add (Objcookie); return true; The cookie has three attributes to take note of:1. Domain Domains2. Path Paths3. Expires Expiration Time cross-domain operations need to set domain properties: Response.Cookies ("MyCookie"). Domain ="cnblogs.com"; (this refers to the generic domain name) so that under the other two-level domain name can be accessed, ASP and ASP. NET test through the virtual directory access: I made the next test on the ASP side. NET does not try, if you do not specify the path attribute, the cookie cannot be shared under different virtual directories Response.Cookies ("MyCookie"). Path ="/"can be the general wording: Response.Cookies ("MyCookie"). Domain ="cnblogs.com"; Response.Cookies ("MyCookie"). Path ="/"Response.Cookies ("MyCookie"). Expires = Now +365; Response.Cookies ("MyCookie")("Test") ="Test";. NET Clear Cookiehttpcookie Cookies=System.web.httpcontext.current.request.cookies[cookiename];if(Cookie! =NULL) {cookie. Values.clear (); Setusercookieexpiretime (CookieName,-1); cookies. Domain=_domain; System.Web.HttpContext.Current.Response.Cookies.Set (cookie);} Public Static voidSetusercookieexpiretime (stringKeyintDays ) {System.web.httpcontext.current.response.cookies[key]. Domain=_domain; System.web.httpcontext.current.response.cookies[key]. Path=_cookiepath; System.web.httpcontext.current.response.cookies[key]. Expires=DateTime.Now.AddDays (days);}. NET Add/Update Cookies Public Static voidAddusercookies (stringKeystringValuestringCookieName,stringdomain) {HttpCookie Cookie=System.web.httpcontext.current.request.cookies[cookiename];if(Cookie = =NULL) {Cookie=NewHttpCookie (cookiename); cookies. Domain=Domain;cookie. Path=_cookiepath;cookie. Values.add (key, value); HttpContext.Current.Response.AppendCookie (cookie);}Else{if(System.web.httpcontext.current.request.cookies[cookiename]. Values[key]! =NULL) {cookie. Values.set (key, value);}Else{cookie. Domain=Domain;cookie. Path=_cookiepath;cookie. Values.add (key, value); HttpContext.Current.Response.AppendCookie (cookie);}}} The above can be used to implement a cookie cross-domain cross-directory

View Code

Asp. NET cookie cross-domain problem and solution code