Original URL: http://stackoverflow.com/questions/376403/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Cookies across subdomains and hosts
Asked by nmjk
In the application I'm writing using a combination of development environments and languages, I have need of accessing a cookie from two different subdomains, each on a separate host.
The cookie is being set on www.mydomain.com using the PHP code that follows, and I'm attempting to access it from distant.mydomain.com on a separate host.
setcookie('token', base64_encode(serialize($token)), time()+10800, '/', '.mydomain.com');
I'm trying to access the cookie from distant.mydomain.com using the following code:
if (isset($_COOKIE['token'])) { /* do stuff */ }
The problem: distant.mydomain.com is not finding the cookie. The if statement just mentioned returns false, even though the cookie exists.
I have verified that the cookie that is set is for mydomain.com (by checking my Firefox cookies). I can't think of any reason this wouldn't be working.
Using the same setcookie code, I have an old application running exclusively on the www.mydomain.com host, and that application is able to access the cookie across domains. This makes me suspect that the problem has to do with separate hosts.
Just in case any of the following information is pertinent:
- www.mydomain.com is IIS 6.0
- distant.mydomain.com is Apache 2.2.9
- Both servers use PHP 5.2.x
- Both servers are operating on Windows Server 2003
If there is any further information I can provide in order to better describe the problem, please let me know!
Accepted answer by nmjk
For the benefit of anyone reading this question, the code and information contained in the original post are exactly correct and work fine.
The problem is when you introduce other technology. For instance, I have since learned that sending PHP code through a Python module, one that allows Django to serve PHP files/content, changes a great deal about what is accessible to the script and what is not.
This was eventually discovered following the advice of Marc Novakowski, who suggested sending $_COOKIE to the log in order to find out what was there.
I also checked out $_SERVER and $_GET. It was the emptiness of $_GET that tipped me off that the setup I am attempting to use is not as straightforward as I had thought. It was that mistaken understanding that led to not including the information about Django in the original post.
Apologies and thanks to all who responded to this question!
Answer by FYA
Cookies set in domain '.aaa.sub.domain.com' will collide with identically named cookies set in domain '.sub.domain.com' and '.some.stupidly.obscure.multi.sub.domain.com'
That means (and this took some time to wade thru) if you're going to use the same-named cookie across multiple domains, you must set it once (and once only) in the main/base domain, in this case '.domain.com'; otherwise, the resulting cookie will be indeterminately and randomly returned arrived at, sometimes the cookie 'jasper' set in .a.sub.domain.com, sometimes the cookie 'jasper' set in .sub.domain.com, sometimes the cookie 'jasper' set in .b.c.d.domain.com, sometimes the cookie 'jasper' set in '.sub.domain.com' and sometimes the cookie 'jasper' set in '.domain.com'
Answer by Martijn Laarman
Does one of the subdomains use an underscore? IE has problems accepting cookies from subdomains that don't follow the URI RFC.
This is assuming 'distant' is a placeholder and not the actual subdomain name and of course that you use IE. Although more browsers could very well be affected by as, Fireworks doesn't though.
Answer by Marc Novakowski
I'd try installing Charles Proxy and see what headers are a) being sent to Firefox to begin with (to set the cookie) and b) which headers are being sent from Firefox to the second server. At least that way you can narrow down where the problem is (browser or server).
Answer by qualbeen
From php.net about the setCookie-function:
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain. Refer to tail matching in the ? spec for details.
Basically: Your 4. and 5. parameter needs to be checked: Well, your path seems to be fine, but the domain needs to be changed:
Today you block the cookie to all others than domain A, but you want it to be available to both domain A and B. This is a bit tricky, but can be solved. Get inspiration on 15seconds ;-)
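The scoping rules quoted from php.net and the same-name collision FYA describes can be reproduced with a small model of a browser's cookie store. This is an added example, not code from the original thread; it follows RFC 6265 in simplified form, and the function names and sample values are made up for illustration.

```javascript
// Simplified RFC 6265 cookie scoping. Path is fixed to "/" and the
// public-suffix check is omitted. Hosts and values are constructed samples.
let seq = 0; // stands in for creation time
// Section 5.2.3: a leading dot in the Domain attribute is ignored.
const normalize = (attr) => attr.replace(/^\./, "").toLowerCase();
// Section 5.1.3: identical host, or the cookie domain is a dot-bounded suffix.
const domainMatch = (host, domain) =>
  host.toLowerCase() === domain || host.toLowerCase().endsWith("." + domain);

// Store a cookie the way a browser would; returns false if it is rejected.
function storeCookie(jar, setByHost, name, value, domainAttr) {
  const hostOnly = !domainAttr; // no Domain attribute: exact host only
  const domain = hostOnly ? setByHost.toLowerCase() : normalize(domainAttr);
  // A host may set cookies only for itself or one of its parent domains.
  if (!domainMatch(setByHost, domain)) return false;
  // Same name and domain replaces the value; a different domain adds a cookie.
  const old = jar.find((c) => c.name === name && c.domain === domain);
  if (old) { old.value = value; old.hostOnly = hostOnly; }
  else jar.push({ name, value, domain, hostOnly, created: ++seq });
  return true;
}

// Build the Cookie header for a request: every matching cookie is sent,
// oldest first when paths are equal. Domain specificity plays no part.
function cookieHeader(jar, requestHost) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
    .sort((a, b) => a.created - b.created)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

function demo() {
  const q = []; // the question's setup
  storeCookie(q, "www.mydomain.com", "token", "abc", ".mydomain.com");
  storeCookie(q, "www.mydomain.com", "sid", "xyz"); // host-only
  const c = []; // the collision from FYA's answer
  storeCookie(c, "a.sub.domain.com", "jasper", "sub", ".sub.domain.com");
  storeCookie(c, "a.sub.domain.com", "jasper", "base", ".domain.com");
  storeCookie(c, "a.sub.domain.com", "jasper", "a", ".a.sub.domain.com");
  return {
    distant: cookieHeader(q, "distant.mydomain.com"),
    www: cookieHeader(q, "www.mydomain.com"),
    collide: cookieHeader(c, "a.sub.domain.com"),
    sibling: storeCookie(c, "a.sub.domain.com", "jasper", "x", ".b.domain.com"),
  };
}
console.log(demo());
```

The `collide` result carries three `jasper` values in one header; which one the application ends up reading depends on its cookie parser, which is why a shared name should be set for a single domain only.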

