What could cause a cookie not to be set in the browser when the response has a Set-Cookie header?

Time: 2018-08-20 14:02:49

Tags: c# google-chrome cookies

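I'm working on a .NET website that uses cookies for forms authentication, and I want to add another secure cookie to hold the access and refresh tokens. The cookie is added to Response.Cookies and everything seems to work. I checked the response headers with Fiddler to make sure the Set-Cookie header was set.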

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /
Set-Cookie: 
    TestTokenCookie=(truncated for brevity); 
    domain=local.foobar.com; 
    expires=Sun, 18-Nov-2018 14:42:56 GMT;
    path=/
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge,chrome=1
Date: Mon, 20 Aug 2018 13:42:59 GMT
Content-Length: 118

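The response looks correct, but the cookie does not show up in the browser. I'm using the "EditThisCookie" Chrome extension to view the cookies that have been set. Here is the code I use to set the cookie.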

// Wraps the token data in a forms-authentication ticket valid for 90 days
// and issues it as an HttpOnly cookie.
public void CreateTokenCookie(TokenCookieData tokenCookieData, HttpContextBase currentContext, bool createPersistentTicket = true)
{
    var ticket = new FormsAuthenticationTicket(1,
        tokenCookieData.Username,
        DateTime.Now,
        DateTime.Now.AddDays(90),
        createPersistentTicket,
        tokenCookieData.ToString());

    CreateCookieFromTicket(ticket, TOKEN_COOKIE_NAME, true, currentContext);
}

private void CreateCookieFromTicket(FormsAuthenticationTicket ticket, string cookieName, bool httpOnly, HttpContextBase currentContext)
{
    // The encrypted ticket becomes the cookie value.
    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // Secure flag and path follow the forms-authentication configuration.
    var cookie = new HttpCookie(cookieName, encryptedTicket)
    {
        HttpOnly = httpOnly,
        Secure = FormsAuthentication.RequireSSL,
        Path = FormsAuthentication.FormsCookiePath,
        Expires = ticket.Expiration
    };

    // Set the Domain attribute only when one is configured.
    var domain = GetCookieDomain();

    if (domain != null)
    {
        cookie.Domain = domain;
    }

    // Replace any cookie of the same name already queued on this response.
    if (currentContext.Response.Cookies[cookieName] != null)
    {
        currentContext.Response.Cookies.Remove(cookieName);
    }

    currentContext.Response.Cookies.Add(cookie);
}

Any ideas why the cookie isn't being set in the browser?

2 answers:

Answer 0: (score: 0)

I think the problem may be with your domain name "domain=local.test.com;".

For more details, see this: https://stackoverflow.com/a/24071239/10241547

test.com seems to be part of that restricted list

Or it might be com

// com : https://en.wikipedia.org/wiki/.com
com

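See: https://publicsuffix.org/list/public_suffix_list.dat

Answer 1: (score: 0)

I think the problem ended up being the length of the cookie value. The raw value ended up being about 4105 characters, which exceeds the maximum cookie size of 4093 bytes.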
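
The size limit described in answer 1 can be checked on the server before the cookie is added, so an oversized encrypted ticket raises an error instead of silently failing to appear in the browser. This is an added example, not part of the original answer or the asker's code; `CookieSizeGuard`, its members and the sample values are hypothetical, and counting the whole header value against the 4093-byte figure is an assumption.

```csharp
using System;
using System.Text;

// Added example, not the asker's code. CookieSizeGuard and its members are hypothetical names.
public static class CookieSizeGuard
{
    // Per-cookie limit quoted in the answer above.
    public const int MaxCookieBytes = 4093;

    // Builds the Set-Cookie header value with the attributes seen in the captured
    // response and returns its length in bytes. Assumption: the whole header value
    // counts toward the limit (a conservative choice).
    public static int Measure(string name, string value, string domain,
                              string path, DateTime? expiresUtc, bool secure, bool httpOnly)
    {
        var header = new StringBuilder();
        header.Append(name).Append('=').Append(value);
        if (!string.IsNullOrEmpty(domain)) header.Append("; domain=").Append(domain);
        if (expiresUtc.HasValue) header.Append("; expires=").Append(expiresUtc.Value.ToString("R"));
        if (!string.IsNullOrEmpty(path)) header.Append("; path=").Append(path);
        if (secure) header.Append("; secure");
        if (httpOnly) header.Append("; HttpOnly");
        return Encoding.UTF8.GetByteCount(header.ToString());
    }

    // Throws on the server instead of leaving the failure to show up only in the browser.
    public static void EnsureFits(string name, string value, string domain,
                                  string path, DateTime? expiresUtc, bool secure, bool httpOnly)
    {
        int size = Measure(name, value, domain, path, expiresUtc, secure, httpOnly);
        if (size > MaxCookieBytes)
            throw new InvalidOperationException(string.Format(
                "Cookie '{0}' is {1} bytes, over the {2}-byte limit.", name, size, MaxCookieBytes));
    }

    public static void Main()
    {
        var expires = new DateTime(2018, 11, 18, 14, 42, 56, DateTimeKind.Utc);
        // Constructed values: 4105 characters as reported in the answer, and a short one.
        foreach (var value in new[] { new string('A', 4105), new string('A', 512) })
        {
            try
            {
                EnsureFits("TestTokenCookie", value, "local.foobar.com", "/", expires, false, true);
                Console.WriteLine("{0}-char value: fits", value.Length);
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine("{0}-char value: {1}", value.Length, ex.Message);
            }
        }
    }
}
```

In the asker's `CreateCookieFromTicket`, a call like `EnsureFits(cookieName, encryptedTicket, ...)` would go just before `Response.Cookies.Add(cookie)`.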