( cookie) example.com, site1.example.com. cookie , cookie.
cookie , cookie, cookie .
example.com :
web.config:
<machineKey validation="AES" validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryption="AES" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"/> //key to encrypt auth ticket
codebehind:
Dim sTicketEncriptado As String
Dim authTicket As New FormsAuthenticationTicket(1, userName, Date.Now, Date.Now.AddMinutes(timeOut), True, "")
encriptedTicket = FormsAuthentication.Encrypt(authTicket)
Dim authcookie As New HttpCookie("authCookieForSite1", encriptedTicket )
authcookie.HttpOnly = True
authcookie.Domain = example.com" //root domain, every subdomain can read this cookie
authcookie.Path = "/"
Response.Cookies.Add(authcookie)
site1.example.com config cookie auth:
<machineKey validation="AES" validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryption="AES" decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"/> //key to decrypt auth tichet. Same machine keys that in example.com
<forms protection="All" path="/" domain="example.com" timeout="1439" enableCrossAppRedirects="true" cookieless="UseCookies" slidingExpiration="true" loginUrl="example.com" name="authCookieForSite1" defaultUrl="site1.example.com/default.aspx"/> //no login urt, go to example.com if no cookie is present
. , , , .