In Forms authentication mode, multiple sites (with the same SubDomain) share the same user logon status

I read dudu's post about the second-level domain name cookie problem and its solution early this morning. I think dudu's explanation of the principle is not very clear, and I cannot tell whether dudu's code, "after FormsAuthentication.SetAuthCookie, add the following code:
HttpCookie cookie = Request.Cookies[".DottextCookie"];
if (cookie != null)
{
    cookie.Domain = ".cnblogs.com";
    Response.Cookies.Add(cookie);
}", is a clerical error, because after FormsAuthentication.SetAuthCookie the cookie has only been added to the Response cookie queue. I think the correct code should be as follows:

// The following code block is equivalent to "FormsAuthentication.RedirectFromLoginPage + change cookie domain"
FormsAuthentication.SetAuthCookie(txtName.Text, false);
// SetAuthCookie has queued the ticket cookie on the response; fetch it from there
HttpCookie lcookie = Context.Response.Cookies[FormsAuthentication.FormsCookieName];
lcookie.Domain = ".cnblogs.com"; // widen the cookie scope to the hosts under cnblogs.com
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtName.Text, false));


The principle of shared user logon status is as follows:

With the Forms authentication method in ASP.NET, the server-side code that runs after the user has been verified is generally as follows:
FormsAuthentication.RedirectFromLoginPage("UserName", false);
This code writes an encrypted cookie, which stores encrypted information such as the UserName. However, in ASP.NET the Domain value of this cookie is null, which means the browser stores the cookie under the domain of the page that was requested. If the browser logs on at www.cnblogs.com/login.aspx, the domain of the cookie is www.cnblogs.com when the browser stores it. In this way, if the browser then requests caomao.cnblogs.com, the cookie is not sent, because caomao.cnblogs.com and www.cnblogs.com are completely different primary domain names.

The domain attribute of a cookie lets the browser pick the matching cookies based on the domain of the requested page and send those cookies to the server. There are two ways a cookie can match:
1. The primary domain is identical. For example, if the domain of the requested page is www.cnblogs.com, a cookie whose domain is "caomao.cnblogs.com" does not match.
2. The subdomain is the same. For example, a cookie whose domain is "cnblogs.com" is matched when the browser requests www.cnblogs.com, that is, the cookie is also sent to the www.cnblogs.com server.
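
The two matching rules above, as an added example in JavaScript (not code from the original post): a simplified version of the RFC 6265 domain-match rule, ignoring path, Secure, expiry and the public-suffix check that browsers also apply. The function names and the hosts other.cnblogs.com and notcnblogs.com are assumptions made for illustration; .ASPXAUTH is the default ASP.NET forms cookie name. It also shows that a cookie scoped to .cnblogs.com goes to every host under cnblogs.com, not only the two sites meant to share the login.

```javascript
// Added example: simplified RFC 6265 cookie domain matching.

// True when `host` is `domain` itself or a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Model how a browser stores a cookie set by `requestHost`.
// `domainAttr` is the Domain attribute, or null when the server sent none.
function storeCookie(name, requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { name, domain: host, hostOnly: true };
  }
  // A leading dot is ignored: ".cnblogs.com" and "cnblogs.com" are equal.
  const domain = domainAttr.trim().toLowerCase().replace(/^\./, "");
  // A server may only set a cookie for its own host or a parent domain.
  if (!domainMatches(host, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the browser attach `cookie` to a request for `requestHost`?
function isSent(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly
    ? host === cookie.domain
    : domainMatches(host, cookie.domain);
}

function hostsReceiving(cookie, hosts) {
  return hosts.filter((h) => isSent(cookie, h));
}

// Constructed sample hosts; the last two are illustrative only.
const HOSTS = ["www.cnblogs.com", "caomao.cnblogs.com", "cnblogs.com",
               "other.cnblogs.com", "notcnblogs.com"];

// RedirectFromLoginPage default: Domain is null, so the cookie is host-only.
const hostOnly = storeCookie(".ASPXAUTH", "www.cnblogs.com", null);
// Domain widened to the parent domain, as in the code on this page.
const shared = storeCookie(".ASPXAUTH", "caomao.cnblogs.com", ".cnblogs.com");

console.log("host-only cookie sent to:", hostsReceiving(hostOnly, HOSTS));
console.log("domain cookie sent to:   ", hostsReceiving(shared, HOSTS));
```
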

To enable www.cnblogs.com to read the user's logged-on cookie information stored by caomao.cnblogs.com, set the cookie domain to ".cnblogs.com". However, as described above, the domain of the login cookie written by ASP.NET's FormsAuthentication.RedirectFromLoginPage("UserName", false); is empty. Therefore, we cannot use FormsAuthentication.RedirectFromLoginPage("UserName", false); and use the following code instead:
// The following code block is equivalent to "FormsAuthentication.RedirectFromLoginPage + change cookie domain"
FormsAuthentication.SetAuthCookie(txtName.Text, false);
// SetAuthCookie has queued the ticket cookie on the response; fetch it from there
HttpCookie lcookie = Context.Response.Cookies[FormsAuthentication.FormsCookieName];
lcookie.Domain = ".cnblogs.com"; // widen the cookie scope to the hosts under cnblogs.com
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtName.Text, false));

A user who passes Forms authentication through this code on caomao.cnblogs.com can share the logged-on information when accessing www.cnblogs.com. Similarly, if you use the above code when logging on to www.cnblogs.com, the logged-on information is also shared when accessing caomao.cnblogs.com.

You also need to make a similar change to the sign-out process. The specific code is as follows:
// Set the cookie to expired
FormsAuthentication.SignOut();
// Get the expired cookie
HttpCookie lcookie2 = Context.Response.Cookies[FormsAuthentication.FormsCookieName];
// Set the cookie domain so that the browser expires the cookie stored under .cnblogs.com
lcookie2.Domain = ".cnblogs.com";

Having said all this, I don't know whether it is clear to you. I apologize for my limited expression skills. The specific instance code is attached for reference: /Files/caomao/SecondDomain.rar.
To simulate two environments with the same subdomain on the local machine, you can add two hosts to the hosts file under the operating system installation path of the local machine (the first is used as the primary domain, the second as the second-level domain):
127.0.0.1 www.zendyhu.com
127.0.0.1 Second.zendyhu.com
