How to share session among Multiple Domains on single asp.net website?

回眸只為那壹抹淺笑 提交于 2019-11-29 15:38:00

You can't share cookies on domains that have different top level domain name.

This is only possible to do with subdomains.

mydomain.com
fr.mydomain.com
de.mydomain.com
da.mydomain.com
...

You cannot share a cookie between different domain directly. But there is one way to make it possible at some context. You can make JSONP request or loading an iframe in your JS. if you use iframe make a http POST call using form. Form tag has your another domain name as action and iframe name as a target. What form will do is it will load an ifram and the cookie of your different domain will come in your browser.

Code:

<iframe name="iframe-test" border="1px"></iframe>

<form id="iframe-form" target="iframe-test" action="http://differentdomain.com/setCookie" method="POST">
     <input type="hidden" value="1234" name="token">
   </form>

    <script type="text/javascript">
        function submitForm(){          
            var form = document.getElementById("iframe-form");
            form.submit();              
        }
    </script>

As Oded states you cannot share cookies across different top level domains. Therefore you may need to look into a different method of persisting sessions.

Swapping the Session State provider as danyolgiax proposes will not solve your issue as the session identification is still happening with cookies. Therefore you need to look into an approach such as cookieless sessions:

Cookieles sessions

Then you may choose to store the data in a Database or InProc session on server. Once you've removed the dependency on cookies.

Edit

Additionally then, if you some clientside activity using a non-auth cookie that absolutely requires the cookies to be present you would write them from each different domain based on these server/session stored values. So a user switching domains eventually gets your cookie for each domain.

If you are using SQL Server, I think you can use it as session state provider.

in web.config:

<sessionState 
        mode="SQLServer"
        sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<strongpassword>"
        cookieless="false" 
        timeout="20" 
/>

Here some doc:

http://msdn.microsoft.com/en-us/library/ms178581.aspx

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!