java 为不同的域设置 cookie
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32373836/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
set cookies for different domains
提问by vlcod
I have two domains: sharepoint.server.com AND app.server.com
我有两个域:sharepoint.server.com 和 app.server.com
In the application from domain app.server.com I do invisible ntlm authentication on the server sharepoint.server.com.
在域 app.server.com 的应用程序中,我在服务器 sharepoint.server.com 上进行了不可见的 ntlm 身份验证。
sharepoint.server.com returns me its cookies. How is it possible to write these cookies to the browser's memory?
sharepoint.server.com 返回给我它的 cookie。如何将这些 cookie 写入浏览器的内存?
It's possible to write these cookies, but just with domain app.server.com, but I need to write it with domain sharepoint.server.com.
可以使用域 app.server.com 编写这些 cookie,但我需要使用域 sharepoint.server.com 编写它。
So, if it's written to the browser's memory, sharepoint.server.com will never show authentication user window again based on the existing cookies. However, it cannot read these cookies, because it's different domain.
因此,如果它被写入浏览器的内存,sharepoint.server.com 将永远不会基于现有的 cookie 再次显示身份验证用户窗口。但是,它无法读取这些 cookie,因为它是不同的域。
DefaultHttpClient httpClient = new DefaultHttpClient(cm,params);
httpClient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
httpClient.getCredentialsProvider().setCredentials(new AuthScope(AuthScope.ANY),
new NTCredentials("login", "pass", null, "server.net"));
HttpGet httpget = new HttpGet("htts://sharepoint.server.com/");
HttpResponse response;
try {
response = httpClient.execute(httpget);
StatusLine entity = response.getStatusLine();
System.out.println("executing request " + httpget.getRequestLine());
System.out.println(entity.toString());
System.out.println("");
Header[] headers = response.getAllHeaders();
for (Header header : headers) {
System.out.println(header.getName() + " : " + header.getValue());
}
List<Cookie> cookies = httpClient.getCookieStore.getCookies();
for(Cookie cookie:cookies)
{
JavaApp.getInstance().getMainWindow().executeJavaScript(
"document.cookie='" + cookie.getName()+"="+cookie.getValue() +"; domain="+cookie.getDomain()+"; path="+cookie.getPath()+"'");
}
Now it doesnt write cookies at all, because cookie.getDomain()=sharepoint.server.com, and it cannot be written.
现在完全不写cookies了,因为cookie.getDomain()=sharepoint.server.com,也写不出来。
If I remove domain=cookie.getDomain() from the line, it writes cookies to the momory, but uses domain domain "app.server.com"
如果我从行中删除 domain=cookie.getDomain(),它会将 cookie 写入内存,但使用域域“app.server.com”
But I need to write these cookies with domain sharepoint.server.com
但我需要用域 sharepoint.server.com 编写这些 cookie
How is it possible to make it?
怎么可能做到?
回答by Supamiu
You can not set Cookies for another domain. If you could, it would probably be the most severe security flaw Ever.
您不能为另一个域设置 Cookie。如果可以,这可能是有史以来最严重的安全漏洞。
Imagine if you could write cookie for Facebook, Google, etc...
想象一下,如果您可以为 Facebook、Google 等编写 cookie...
Check this Topic, I think it can help you finding the good solution: How to set a cookie for another domain
检查此主题,我认为它可以帮助您找到好的解决方案:How to set a cookie for another domain
EDIT:
编辑:
Another solution found on SO: Cross-Domain Cookies, it could be what you're looking for.
在 SO 上找到的另一个解决方案:Cross-Domain Cookies,它可能是您正在寻找的。
回答by miw
Set the domain of the authentication cookie to just the domain part, without the sub-domain:
将身份验证 cookie 的域设置为域部分,没有子域:
JavaApp.getInstance()
.getMainWindow().executeJavaScript(
"document.cookie='" + cookie.getName()
+"="+cookie.getValue()
+"; domain=server.com; path="
+cookie.getPath()+"'");
This cookie should now be accessible to all sub domains of server.com
这个cookie现在应该可以被server.com的所有子域访问
