我尝试在 ASP.NET 网站中使用子域,但在重置会话时遇到一些问题。
我已将主机文件编辑为“localhost”、“one.localhost”和“two.localhost”。我可以访问这些 URL 中的任何一个并执行我需要执行的操作并登录到我的系统。会话模式在 web.config 中定义如下:
<sessionState cookieless="false" mode="SQLServer" timeout="300"
sqlConnectionString="Data Source=MyDatabase;user id=User1;password=pass"/>
我使用 SQLServer,因为网站将作为 webfarm 运行。
我发现,当我单击导致回发的内容时,所有会话都会丢失并创建一个新的会话 ID,当发生这种情况时,我的网站现在是“localhost”,而不是登录的“one.localhost”。
有谁知道可能是什么原因造成的?
干杯
I'm trying to use sub-domains in my ASP.NET website but I'm coming across a few problems with the session being reset.
I've edited my hosts file to have 'localhost', 'one.localhost' and 'two.localhost'. I can go to any of these URLs and do what I need to do and login to my system. The session mode is defined as follows in the web.config:
<sessionState cookieless="false" mode="SQLServer" timeout="300"
sqlConnectionString="Data Source=MyDatabase;user id=User1;password=pass"/>
I'm using SQLServer as the website will be ran as a webfarm.
What I'm finding is when I click something that causes a postback all the session is lost and a new session id is created, when this occurs my website is now 'localhost' rather than the logged in 'one.localhost' for example.
Does anyone know what might be causing this?
Cheers
发布评论
评论(2)
您的问题似乎存在几个问题:
要跨多个子域共享会话信息,您需要将会话 cookie 写入正确的域,在本例中为
.example.com- 请在此处查看更多信息:"ASP.NET 会话状态、Cookie 和子域" 。如果您希望用户同时登录所有域,并且您使用表单身份验证,则可以使用 domain 属性/en-us/library/1d3t3c61.aspx" rel="nofollow noreferrer">表单元素(注意域路径中的前导句点):
您需要在所有站点上进行配置。
至于为什么您在回发时被重定向到 localhost 而不是 one.localhost,您需要查看已呈现的源(您是否包含一些基本 href 信息,或者您的表单是否明确回发到localhost 而不是 one.localhost)? Fiddler 是查看浏览器正在执行的操作的好工具。
最后,当您将其部署到多个服务器时,请不要忘记 在所有站点上配置您的 MachineKey,以确保它们具有相同的值,以便它们可以正确解密会话、登录令牌、视图状态等。
You seem to have a couple of issues going on from your question:
To share the session information across multiple sub-domains, you'll need to write the session cookie to the correct domain, in this case
.example.com- see more information here: "ASP.NET Session State, Cookies and Sub-domains".If you want the user to log in on all domains simultaneously, and you're using Forms authentication, you can use the
domainattribute of the forms element (note the leading period in the domain path):You'll need to configure this on all sites.
As to why you're being redirected to localhost rather than one.localhost on a postback, you'd need to take a look at the source that's been rendered (are you including some base href information, or is your form explicitly posting back to localhost instead of one.localhost)? A good tool to see what the browser is doing is Fiddler.
Finally, as a heads up for when you deploy this to multiple servers, don't forget to configure your MachineKey on all sites to ensure that they have the same value so that they can decrypt the session, login tokens, viewstate, etc correctly.
基本上,登录 cookie 中设置的域特定于 one.localhost。
有一些可能的黑客行为。请参阅此问题的最后一个答案 :
在登录/开始页面中,运行以下命令:
Basically, the domain being set in the logged in cookie is specific to one.localhost.
There are some possible hacks. see e.g. the last answer to this question:
In the login/start page, run the following: