estado de sesión compartido sobre subdominio

I read thousand of doc but nothing work for me.

1) What I want : on my server-side I used the following variable :


2) When I changed the subdomain

My problem : I loose the Session data when I go from one of those domain to another.

3) I want to keep the session-state only with cookie and inproc mode :

  <sessionState mode="InProc" cookieless="UseCookies"  cookieName="" timeout="10000">     </sessionState>
  <authentication mode="Windows"/>

I added in the web.config :

<httpCookies domain=""  />


 <httpCookies domain=""  />  


 <httpCookies domain="" httpOnlyCookies="true" />

Pero nada funcionó.

Gracias por cualquier consejo.

preguntado el 16 de mayo de 11 a las 19:05

1 Respuestas

Short answer, you can't fulfill all of your criteria.

Soluciones posibles:

  • Redirect any request with an incoming domain of "" to a common "". This may involve changing "" to "". Because it's a redirect, your user will see the address in his bar change, and will therefore gain some knowledge of the sausage-making behind your website (useful to attackers).
  • NEVER refer to your domain explicitly from within your own site. All URIs should be relative to the root of your web structure. This should allow you to avoid changing domains and thus losing your session state.
  • Use SQLServer to manage session state: This will require changing your session handling from InProc with cookies to SQLServer, as well as some other config changes.

contestado el 16 de mayo de 11 a las 23:05

Thanks for you answer... It's exactly what I was affraid of. If no one has a tricky solution, i'll give u the vote. - Zitun

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.