为什么会话ID在子域中发生变化?

时间:2013-07-23 16:43:53

标签: asp.net .net asp.net-mvc-4 cookies

在may main domain中我通过以下代码创建身份验证coockie:

 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
         "user1",//username
         DateTime.Now,
         DateTime.Now.AddDays(5),
         true,
         "members",
         FormsAuthentication.FormsCookiePath);

        // To give more security it is suggested to hash it
        string hashCookies = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket
        cookie.Expires = DateTime.Now.AddDays(5);
        cookie.Domain = "xxx.com";
        Response.Cookies.Add(cookie);

        //get sessionid
        ViewBag.sid = Session.SessionID;

在我的web.config中:

<authentication mode="Forms">
      <forms loginUrl="~/Home/Index" name="x1" timeout="2880" domain="xxx.com" path="/" />
  </authentication>
  <machineKey validationKey="BCAC1F242F26C76DB8ADB999F29CB18B8EDB4437DF5E508770F6329F5B4C92A78DA447D3AB57B84E486109E7D0B0E230052AA2B14619702863A79DAFA44BF146" decryptionKey="A911156C3A378C70E10E4529C73B0DDC588D892177629D228D687C98EC879CEC" validation="SHA1" decryption="AES" />

在我的子域名中,我有控制器:

  public ActionResult Index()
    {
        ViewBag.sid = Session.SessionID;
        return View();
    }

子域的web.config:

 <authorization>
      <deny users="?" />
  </authorization>
  <authentication mode="Forms">
      <forms loginUrl="~/Login/Index" timeout="2880" domain="sub.helinus.com" name="x1" />
  </authentication>
  <machineKey validationKey="BCAC1F242F26C76DB8ADB999F29CB18B8EDB4437DF5E508770F6329F5B4C92A78DA447D3AB57B84E486109E7D0B0E230052AA2B14619702863A79DAFA44BF146" decryptionKey="A911156C3A378C70E10E4529C73B0DDC588D892177629D228D687C98EC879CEC" validation="SHA1" decryption="AES" />

当用户在主域中进行身份验证并重定向到子域时,为什么会话ID会发生变化?

0 个答案:

没有答案