我有两个WebApp1和WebApp2在两个不同的域。
我在WebApp1的HttpResponse中设置了一个cookie。 如何从WebApp2中的HttpRequest读取相同的cookie ?
我知道这听起来很奇怪,因为cookie是特定于给定域的,我们不能从不同的域访问它们;不过我听说过跨域cookie,它可以在多个web应用程序之间共享。如何使用跨域cookie实现这一需求?
注意:我正在尝试使用J2EE web应用程序
当前回答
在nfriedly.com上有一个关于Facebook如何做到这一点的不错的概述
还有浏览器指纹识别,它与cookie不同,但作用类似,因为它可以帮助您以相当程度的确定性识别用户。Stack Overflow上有一篇文章提到了一种指纹识别方法
其他回答
没有所谓的跨域cookie。您可以在foo.example.com和bar.example.com之间共享cookie,但绝不可以在example.com和example2.com之间共享cookie,这是出于安全原因。
除了@Ludovic(已批准的答案)的答案外,我们需要在获得set-cookies报头时检查另一个选项,
set-cookie: SESSIONID=60B2E91C53B976B444144063; Path=/dev/api/abc; HttpOnly
还要检查Path属性值。这应该与下面所示的API起始上下文路径相同
https://www.example.com/dev/api/abc/v1/users/123
或者在不确定上下文路径时使用下面的值
Path=/;
做谷歌正在做的事情。创建一个PHP文件,在所有3个域上设置cookie。然后在主题将要设置的域上,创建一个HTML文件,该文件将加载在其他2个域上设置cookie的PHP文件。例子:
<html>
<head></head>
<body>
<p>Please wait.....</p>
<img src="http://domain2.example/setcookie.php?theme=whateveryourthemehere" />
<img src="http://domain3.example/setcookie.php?theme=whateveryourthemehere" />
</body>
</html>
然后在body标签上添加一个onload回调。文档只会加载时,图像完全加载,即当cookie设置在其他2个域。Onload回调:
<head>
<script>
function loadComplete(){
window.location="http://domain1.example";//URL of domain1
}
</script>
</head>
<body onload="loadComplete()">
setcookie.php
我们使用PHP文件在其他域上设置cookie,如下所示:
<?php
if(isset($_GET['theme'])){
setcookie("theme", $_GET['theme'], time()+3600);
}
?>
现在在三个域中设置了cookie。
最聪明的解决办法就是效仿facebook的做法。当你访问任何域名时,facebook如何知道你是谁?其实很简单:
The Like button actually allows Facebook to track all visitors of the external site, no matter if they click it or not. Facebook can do that because they use an iframe to display the button. An iframe is something like an embedded browser window within a page. The difference between using an iframe and a simple image for the button is that the iframe contains a complete web page – from Facebook. There is not much going on on this page, except for the button and the information about how many people have liked the current page.
所以当你在cnn.com上看到一个“喜欢”按钮时,你实际上是在同时访问一个Facebook页面。这使得Facebook可以读取你电脑上的cookie,这些cookie是它在你上次登录Facebook时创建的。
每种浏览器的一个基本安全规则是,只有创建了cookie的网站以后才能读取它。这就是iframe的优势:它允许Facebook读取你的Facebook-cookie,即使你在访问另一个网站。这就是他们如何在cnn.com上认出你,并在那里展示你的朋友。
来源:
http://dorianroy.com/blog/2010/04/how-facebooks-like-button-works/ https://stackoverflow.com/a/8256920/715483
function GetOrder(status, filter) {
var isValid = true; //isValidGuid(customerId);
if (isValid) {
var refundhtmlstr = '';
//varsURL = ApiPath + '/api/Orders/Customer/' + customerId + '?status=' + status + '&filter=' + filter;
varsURL = ApiPath + '/api/Orders/Customer?status=' + status + '&filter=' + filter;
$.ajax({
type: "GET",
//url: ApiPath + '/api/Orders/Customer/' + customerId + '?status=' + status + '&filter=' + filter,
url: ApiPath + '/api/Orders/Customer?status=' + status + '&filter=' + filter,
dataType: "json",
crossDomain: true,
xhrFields: {
withCredentials: true
},
success: function (data) {
var htmlStr = '';
if (data == null || data.Count === 0) {
htmlStr = '<div class="card"><div class="card-header">Bu kriterlere uygun sipariş bulunamadı.</div></div>';
}
else {
$('#ReturnPolicyBtnUrl').attr('href', data.ReturnPolicyBtnUrl);
var groupedData = data.OrderDto.sort(function (x, y) {
return new Date(y.OrderDate) - new Date(x.OrderDate);
});
groupedData = _.groupBy(data.OrderDto, function (d) { return toMonthStr(d.OrderDate) });
localStorage['orderData'] = JSON.stringify(data.OrderDto);
$.each(groupedData, function (key, val) {
var sortedData = groupedData[key].sort(function (x, y) {
return new Date(y.OrderDate) - new Date(x.OrderDate);
});
htmlStr += '<div class="card-header">' + key + '</div>';
$.each(sortedData, function (keyitem, valitem) {
//Date Convertions
if (valitem.StatusDesc != null) {
valitem.StatusDesc = valitem.StatusDesc;
}
var date = valitem.OrderDate;
date = date.substring(0, 10).split('-');
date = date[2] + '.' + date[1] + '.' + date[0];
htmlStr += '<div class="col-lg-12 col-md-12 col-xs-12 col-sm-12 card-item clearfix ">' +
//'<div class="card-item-head"><span class="order-head">Sipariş No: <a href="ViewOrderDetails.html?CustomerId=' + customerId + '&OrderNo=' + valitem.OrderNumber + '" >' + valitem.OrderNumber + '</a></span><span class="order-date">' + date + '</span></div>' +
'<div class="card-item-head"><span class="order-head">Sipariş No: <a href="ViewOrderDetails.html?OrderNo=' + valitem.OrderNumber + '" >' + valitem.OrderNumber + '</a></span><span class="order-date">' + date + '</span></div>' +
'<div class="card-item-head-desc">' + valitem.StatusDesc + '</div>' +
'<div class="card-item-body">' +
'<div class="slider responsive">';
var i = 0;
$.each(valitem.ItemList, function (keylineitem, vallineitem) {
var imageUrl = vallineitem.ProductImageUrl.replace('{size}', 200);
htmlStr += '<div><img src="' + imageUrl + '" alt="' + vallineitem.ProductName + '"><span class="img-desc">' + ProductNameStr(vallineitem.ProductName) + '</span></div>';
i++;
});
htmlStr += '</div>' +
'</div>' +
'</div>';
});
});
$.each(data.OrderDto, function (key, value) {
if (value.IsSAPMigrationflag === true) {
refundhtmlstr = '<div class="notify-reason"><span class="note"><B>Notification : </B> Geçmiş siparişleriniz yükleniyor. Lütfen kısa bir süre sonra tekrar kontrol ediniz. Teşekkürler. </span></div>';
}
});
}
$('#orders').html(htmlStr);
$("#notification").html(refundhtmlstr);
ApplySlide();
},
error: function () {
console.log("System Failure");
}
});
}
}
. config
包括UI原点和设置允许凭据为真
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://burada.com" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
推荐文章
- HttpOnly cookie如何与AJAX请求一起工作?
- VS2013外部构建错误"error MSB4019: The imported project <path> was not found"
- getJSON调用中的错误处理
- 如何唯一地识别访问我网站的计算机?
- 正确的方式删除cookies服务器端
- 使用jQuery创建、读取和删除cookie
- Chrome不会删除会话cookie
- 令牌身份验证vs. cookie
- 如何为其他域设置cookie
- JWT vs cookie用于基于令牌的身份验证
- 设置cookie永不过期
- 为跨源请求设置cookie
- cookie与会话
- 我如何解决“HTTP错误500.19 -内部服务器错误”在IIS7.0
- SameSite警告Chrome 77
