二级域名之间共享Cookie,很重要的一点就是配置,如下:
domain设置为.ahdqxx.com,如果你的域名是www.ahdqxx.com,mall.ahdqxx.com,那么请设置你的domain为.ahdqxx.com
path设置为/
<authentication mode="Forms">
<forms name="DQ.AUTH" loginUrl="http://www.ahdqxx.com/Login/Index" protection="All" domain=".ahdqxx.com" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>
第二重点的就是登陆时候Cookie设置,
不要忘记使用之前配置的东西来设置 Cookie(FormsAuthentication.FormsCookiePath,FormsAuthentication.CookieDomain)
public virtual void SignIn(Customer customer, bool createPersistentCookie) { var now = DateTime.UtcNow.ToLocalTime(); var userdata = JsonConvert.SerializeObject(new SimpleUser { Name = _customerSettings.UsernamesEnabled ? customer.Username : customer.Email, ID = customer.CustomerGuid }); var ticket = new FormsAuthenticationTicket( 1 /*version*/, _customerSettings.UsernamesEnabled ? customer.Username : customer.Email, now, now.Add(_expirationTimeSpan), createPersistentCookie, userdata, FormsAuthentication.FormsCookiePath); var encryptedTicket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); cookie.HttpOnly = true; if (ticket.IsPersistent) { cookie.Expires = ticket.Expiration; } cookie.Secure = FormsAuthentication.RequireSSL; cookie.Path = FormsAuthentication.FormsCookiePath; if (FormsAuthentication.CookieDomain != null) { cookie.Domain = FormsAuthentication.CookieDomain; } _httpContext.Response.Cookies.Add(cookie); _cachedCustomer = customer; }