跨子域的表单身份验证

跨子域的表单身份验证

本文介绍了跨子域的表单身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当身份验证发生在子域而不是父域时,是否可以跨子域对用户进行身份验证?

Is it possible to authenticate users across sub-domains when the authentication takes place at a sub-domain instead of the parent domain?

例如:

用户登录到site1.parent.com,然后我们需要将它们发送到reporting.parent.com.

User logs into site1.parent.com, and then we need to send them to reporting.parent.com.

即使登录发生在子域中,我也可以向报告站点验证他们的身份吗?

Can I authenticate them to the reporting site even though the log-in occured at a sub-domain?

到目前为止,我所做的所有研究都是让用户先登录父域,然后每个子域都可以访问身份验证 cookie.

So far all of the research I have done has users logging into the parent domain first and then each sub-domain has access to the authentication cookie.

推荐答案

您可以在身份验证时将 cookie 设置为父域,但您必须明确设置它,它将默认为您所在的完整域.

You can set the cookie to be the parent domain at authentication time but you have to explicitly set it, it will default to the full domain that you are on.

一旦 auth cookie 正确设置到父域,那么所有子域都应该能够读取它.

Once the auth cookie is correctly set to the parent domain, then all sub-domains should be able to read it.

这篇关于跨子域的表单身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-21 01:29