javascript 跨域ajax请求后保留cookie
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8854816/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Keeping the cookie after a cross-domain ajax request
提问by AtnNn
A javascript application running on 10.0.0.1tries to authenticate it's users with cross-domain ajax calls.
运行的 javascript 应用程序10.0.0.1尝试通过跨域 ajax 调用来验证它的用户。
The request looks like:
请求看起来像:
function test(again){
$.ajax({
type: 'GET',
url: 'http://example.com/userinfo',
dataType: 'json',
success: function(userinfo){
if(again)
test(false);}});}
test(true);
The first response from the server tries to set a cookie:
来自服务器的第一个响应尝试设置 cookie:
Access-control-allow-origin:http://10.0.0.1
Set-Cookie:PHPSESSID=uuj599r4k1ohp48f1poobil665; expires=Sat, 28-Jan-2012 17:10:40 GMT; path=/
But the second request does not include this cookie, nor do any other ajax requests to that domain.
但是第二个请求不包含此 cookie,也不包含对该域的任何其他 ajax 请求。
I am not trying to read the cookie for another domain, I just want the application on the other domain to be able to set and read its own cookie.
我不是要读取另一个域的 cookie,我只是希望另一个域上的应用程序能够设置和读取它自己的 cookie。
Is this possible?
这可能吗?
I have tested in Chrome and Firefox 9.
我已经在 Chrome 和 Firefox 9 中进行了测试。
回答by Teddy
server should set header:
服务器应该设置标题:
response.Headers.Add("Access-Control-Allow-Credentials", "true");
client set to:
客户端设置为:
xhrFields: {
withCredentials: true
}
回答by Debby Mendez
As long as you are using a browser which supports CORS, cookies on the AJAX request should work. But you must set withCredentialson the XMLHttpRequestto true.
只要您使用支持 CORS 的浏览器,AJAX 请求上的 cookie 就应该可以工作。但你必须设置withCredentials的XMLHttpRequest为true。
See: The withCredentials attribute
I don't use JQuery but here's a question that deals specifically with setting withCredentialsvia JQuery.
我不使用 JQuery,但这里有一个专门处理withCredentials通过 JQuery设置的问题。
回答by Darin Dimitrov
No, cookies cannot be shared cross domain. The same origin policycould be circumvented for AJAX calls using the Access-Control-*headers assuming the browser supports them, but for cookies there's no way.
不,cookie 不能跨域共享。该同源策略可以规避使用AJAX调用Access-Control-*假设浏览器支持他们,但头饼干也没有办法。
回答by AtnNn
+Darin Dimitrov suspects that "the cookie is not saved by the browser because it comes from another domain than the one hosting the page which is at the origin of this call".
+Darin Dimitrov 怀疑“cookie 没有被浏览器保存,因为它来自另一个域,而不是托管这个调用源的页面的域”。
However, the cookie gets set as desired when using JSONP, but JSONP is only for GET requests.
但是,在使用 JSONP 时会根据需要设置 cookie,但 JSONP 仅适用于 GET 请求。
My solution is to retrieve the cookie (a PHP session id) by loading the following php file in a <script>:
我的解决方案是通过在以下 php 文件中加载以下 php 文件来检索 cookie(PHP 会话 ID)<script>:
<? echo $_GET['callback'] . '("' . session_id() . '")'; ?>
And to pass the session id as a request variable in all cross-domain POST requests.
并在所有跨域 POST 请求中将会话 ID 作为请求变量传递。
