问题
I read thousand of doc but nothing work for me.
1) What I want : on my server-side I used the following variable :
(string)Session["myData"]
2) When I changed the subdomain
www.myDomain.com/myPage.aspx
OR
myDomain.com/myPage.aspx
OR
myUser.myDomain.com/myPage.aspx
My problem : I loose the Session data when I go from one of those domain to another.
3) I want to keep the session-state only with cookie and inproc mode :
<sessionState mode="InProc" cookieless="UseCookies" cookieName="myDomain.com" timeout="10000"> </sessionState>
<authentication mode="Windows"/>
I added in the web.config :
<httpCookies domain="myDomain.com" />
or
<httpCookies domain=".myDomain.com" />
or
<httpCookies domain=".myDomain.com" httpOnlyCookies="true" />
But nothing worked.
Thanks for any advices.
回答1:
Short answer, you can't fulfill all of your criteria.
Possible solutions:
- Redirect any request with an incoming domain of "xxx.myDomain.com" to a common "www.myDomain.com". This may involve changing "myUser.myDomain.com" to "www.myDomain.com/default.aspx?&user=myUser". Because it's a redirect, your user will see the address in his bar change, and will therefore gain some knowledge of the sausage-making behind your website (useful to attackers).
- NEVER refer to your domain explicitly from within your own site. All URIs should be relative to the root of your web structure. This should allow you to avoid changing domains and thus losing your session state.
- Use SQLServer to manage session state: http://support.microsoft.com/kb/2527105. This will require changing your session handling from InProc with cookies to SQLServer, as well as some other config changes.
来源:https://stackoverflow.com/questions/6022382/shared-session-state-over-subdomain