
In my main domain, I create the authentication cookie with the following code:

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                        // ticket version
        "user1",                  // username
        DateTime.Now,             // issue date
        DateTime.Now.AddDays(5),  // expiration
        true,                     // persistent cookie
        "members",                // user data
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket before storing it in the cookie
    string hashCookies = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // encrypted ticket
    cookie.Expires = DateTime.Now.AddDays(5);
    cookie.Domain = "xxx.com";
    Response.Cookies.Add(cookie);

    // Get the session ID
    ViewBag.sid = Session.SessionID;

In my web.config:

    <authentication mode="Forms">
        <forms loginUrl="~/Home/Index" name="x1" timeout="2880" domain="xxx.com" path="/" />
    </authentication>
    <machineKey validationKey="BCAC1F242F26C76DB8ADB999F29CB18B8EDB4437DF5E508770F6329F5B4C92A78DA447D3AB57B84E486109E7D0B0E230052AA2B14619702863A79DAFA44BF146" decryptionKey="A911156C3A378C70E10E4529C73B0DDC588D892177629D228D687C98EC879CEC" validation="SHA1" decryption="AES" />

In my subdomain, I have the following controller:

    public ActionResult Index()
    {
        ViewBag.sid = Session.SessionID;
        return View();
    }

The subdomain's web.config:

    <authorization>
        <deny users="?" />
    </authorization>
    <authentication mode="Forms">
        <forms loginUrl="~/Login/Index" timeout="2880" domain="sub.helinus.com" name="x1" />
    </authentication>
    <machineKey validationKey="BCAC1F242F26C76DB8ADB999F29CB18B8EDB4437DF5E508770F6329F5B4C92A78DA447D3AB57B84E486109E7D0B0E230052AA2B14619702863A79DAFA44BF146" decryptionKey="A911156C3A378C70E10E4529C73B0DDC588D892177629D228D687C98EC879CEC" validation="SHA1" decryption="AES" />

When a user is authenticated in the main domain and redirected to the subdomain, why does the session ID change?
