堆栈内存溢出
  简体   繁体   English

缺少ASP.NET表单身份验证Cookie

[英]Missing asp.net forms authentication cookie

 原文  2012-10-26 12:15:52       asp.net/ forms-authentication

问题描述

We have a bizaar situation. 我们的处境令人困惑。 We have the following in our web.config: 我们的web.config中包含以下内容: 

<authentication mode="Forms">
     <forms name="ASPDNSFGUID" loginUrl="SignIn.aspx" timeout="525600" /></authentication>

This is an ecommerce app, and the cookie is used to help us make sure that the contents of a basket is retained after they login, and this is not working. 这是一个电子商务应用程序,Cookie用于帮助我们确保登录后篮子中的内容得以保留,这是行不通的。 We've used this dozens of times before without problem. 我们已经使用了数十次而没有问题。

The site is hosted on two front end web servers sitting behind a coyote point load balancer. 该站点托管在位于土狼点负载均衡器后面的两个前端Web服务器上。 We've noticed that when the site is viewed via HTTPS, the cookie is there, the authentication type is forms. 我们已经注意到,当通过HTTPS查看站点时,cookie在那里,身份验证类型为表格。 HOWEVER, when we browse non-secure, the cookie is missing and the authentication type is not set. 但是,当我们浏览不安全时,cookie丢失并且未设置身份验证类型。 We know this because we created a page to print out all the headers for us. 我们知道这一点是因为我们创建了一个页面来为我们打印出所有标题。

Does anybody have any ideas on possible causes? 是否有人对可能的原因有任何想法? We're wondering if the load balancer is stripping the cookie but we have no evidence of this, just a gut feel 我们想知道负载均衡器是否正在剥离cookie,但是我们没有证据表明这只是一种直觉

2 个解决方案

解决方案1
 0  2012-10-26 12:21:41

We've noticed that when the site is viewed via HTTPS, the cookie is there, the authentication type is forms. 我们已经注意到,当通过HTTPS查看站点时,cookie在那里,身份验证类型为表格。 HOWEVER, when we browse non-secure, the cookie is missing and the authentication type is not set. 但是,当我们浏览不安全时,cookie丢失并且未设置身份验证类型。

This happens when you have set the requireSSL="true" on the <forms > tag. 当您在<forms >标记上设置了requireSSL="true"时,就会发生这种情况。

How ever you can try to declare the domain="yourdomain.com" in the <forms > tag, with out the subdomain www. 您如何尝试在<forms >标记中声明domain="yourdomain.com" ,而没有子域www. , because this can affect the cookie. ,因为这会影响cookie。

So first try this 所以先试试这个 

<forms name="ASPDNSFGUID" domain="yourdomain.com" loginUrl="SignIn.aspx" 
          timeout="525600" />

then try to see if you have set programmatically the requireSSL. 然后尝试查看是否以编程方式设置了requireSSL。

解决方案2
 0  2012-10-26 13:30:55

Is the cookie set on https, and if so, are https and http on the same domain but different only by protocol? cookie是否设置在https上,如果是,则https和http在同一个域中,但仅在协议上不同吗? ie https://www.somesite.com and http://www.somesite.com https://www.somesite.comhttp://www.somesite.com

Because, if they have a different subdomain you will have issues unless you specify domain="somesite.com" in your <forms> element in the web.config 因为,如果它们具有不同的子域,除非在web.config的<forms>元素中指定domain =“ somesite.com”,否则您将遇到问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET表单身份验证Cookie - ASP.NET Forms Authentication Cookie 缺少ASP.net表单身份验证Cookie - ASP.net Form Authentication cookie is missing ASP.NET Forms身份验证和持久身份验证Cookie安全性 - ASP.NET Forms Authentication and Persistent Authentication Cookie Security ASP.Net Forms身份验证Cookie跨会话传递 - ASP.Net Forms Authentication cookie is passed across sessions 如何同步表单身份验证cookie和Asp.Net Session的生命周期? - How to synchronize lifetime of forms authentication cookie and Asp.Net Session? 在表单身份验证中使用ASP.Net Identity 2 cookie - Using ASP.Net Identity 2 cookie in forms authentication ASP.NET表单身份验证Cookie和会话以获取其他数据 - ASP.NET Forms Authentication Cookie and Sessions for additional data Asp.net形成身份验证cookie,不遵守IIS7的超时 - Asp.net forms authentication cookie not honoring timeout with IIS7 ASP.NET Forms IE和Firefox的身份验证Cookie区别 - ASP.NET Forms Authentication Cookie Differences in Between IE and Firefox Facebook Connect和ASP.NET Forms身份验证 - 计时/ Cookie问题 - Facebook Connect & ASP.NET Forms Authentication - Timing/Cookie Problem
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM