C# 在Chrome中设置cookie域_C#_Asp.net Web Api_Http Headers_Forms Authentication_Session Cookies

C# 在Chrome中设置cookie域

c# asp.net-web-api

C# 在Chrome中设置cookie域,c#,asp.net-web-api,http-headers,forms-authentication,session-cookies,C#,Asp.net Web Api,Http Headers,Forms Authentication,Session Cookies,我有一个Web API控制器，用于验证用户并在响应上设置cookie： // create the response var response = this.Request.CreateResponse(HttpStatusCode.OK); var cookie = new CookieHeaderValue( FormsAuthentication.FormsCookieName, user.GenerateEncryptedTicket(persistent) ); va

我有一个Web API控制器，用于验证用户并在响应上设置cookie：

// create the response
var response = this.Request.CreateResponse(HttpStatusCode.OK);

var cookie = new CookieHeaderValue(
    FormsAuthentication.FormsCookieName,
    user.GenerateEncryptedTicket(persistent)
);
var host = Request.RequestUri.Host;

// NOTE: this causes failure in Chrome if hosted locally (localhost) 
// http://stackoverflow.com/a/5849409/99373
if (!host.Equals("localhost", StringComparison.OrdinalIgnoreCase))
{
    // are we in a sub-domain
    if (host.Split('.').Length > 2)
    {
        // set the domain as '.domain.com'
        // NOTE: this does not work in chrome
        cookie.Domain = host.Substring(host.LastIndexOf('.', host.LastIndexOf('.') - 1));
    }
    else
    {
        // set the domain as 'domain.com'
        // NOTE: this does not work in chrome either
        cookie.Domain = host;
    }
}

cookie.Expires = DateTime.Now.Add(FormsAuthentication.Timeout);
cookie.Path = "/";
cookie.HttpOnly = true;

// mark the session as authenticated
response.Headers.AddCookies(new CookieHeaderValue[] { cookie });

不幸的是，这在IE和Firefox中有效，但在Chrome中无效。如果我将设置

cookie.Domain

的部分全部注释掉，那么Chrome就可以工作了

你知道为什么吗