0
我有兩個子域,local-api.domain.com和local-web.domain.comCookie不能被保存
local-web.domain.com有一個頁面(local-web.domain.com/測試/ authtest),通過AJAX調用local-api.domain.com上的登錄服務(local-api.domain.com/authentication/login)。登錄檢查用戶的發佈憑證,如果它們有效,則通過ASP.Net窗體身份驗證將用戶登錄。下面是從服務回來的樣本原始響應:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: token=dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj; expires=Sat, 11 Jan 2014 00:16:04 GMT; domain=.domain.com; path=/; httponly
Access-Control-Allow-Origin: http://local-web.domain.com
Access-Control-Allow-Credentials: true
Set-Cookie: .ASPXAUTH=E18F1521FFF70FDFD60444F6EA791D28DDF1010F907D35DD13CDA7E2698CE9DCFB50A25853A5BCFEA0E21820A0760D8412D517548F59344EDDA052DD6D7BD7DDB1D47D011F2EFE3B58B6B2690B370D54C560FC6FA3B0990190E0CB8A8B4CC80BEA925CA928256C78C502E74444566785C95EDC399777B3CB0D2AAFFD219B3ED5; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Visitor=acfbc21b-6259-4000-809d-7dbc72db8309; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Set-Cookie: Visit=78406825-adf1-4224-af57-0350136a5fc6; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Culture=en; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Date: Fri, 10 Jan 2014 00:16:04 GMT
Content-Length: 122
{"token":"dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj","firstName":"Steve","lastName":"Smith"}
然而,當我重新加載頁面;我發現響應中設置的cookie不存在。 Chrome Developer Tools的進一步調查發現,在登錄響應之後,cookie甚至無法保存;即使有一個Set-Cookie頭。
我不知道我在做什麼錯在這裏。通過網站上的類似問題和他們的迴應;我相信我已經正確設置了所有cookie,以便在我的子域名中保存和重新發送。過去一個小時一直在谷歌搜索,但沒有發現任何東西。有任何想法嗎?