Javascript Cookies - 跨多个域设置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8406719/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Cookies - set across multiple domains
提问by ClarkeyBoy
My company has a setup as follows:
我公司的设置如下:
- subdomain1.domain1.com
- subdomain2.domain1.com
- subdomain3.domain1.com
- subdomain4.domain1.com
- subdomain5.domain1.com
subdomain6.domain1.com
subdomain1.domain2.com
- subdomain2.domain2.com
- subdomain3.domain2.com
- subdomain4.domain2.com
- subdomain5.domain2.com
- subdomain6.domain2.com
- subdomain1.domain1.com
- subdomain2.domain1.com
- subdomain3.domain1.com
- subdomain4.domain1.com
- subdomain5.domain1.com
subdomain6.domain1.com
subdomain1.domain2.com
- subdomain2.domain2.com
- subdomain3.domain2.com
- subdomain4.domain2.com
- subdomain5.domain2.com
- subdomain6.domain2.com
On each site, bearing in mind there can be a hundred sites per subdomain, users can log in. We, as developers, have to test frontends across several browsers, but some work may only be required on a section once logged in.
在每个站点上,记住每个子域可以有 100 个站点,用户可以登录。 作为开发人员,我们必须跨多个浏览器测试前端,但一些工作可能只需要在登录后的某个部分上进行。
I have written a userscript which enables us to save a username and password (and other details which I cannot mention because of confidentiality). The script checks to see if the user account exists by filling in the login form and clicking the submit button. If not, it registers for us - thus automating the registration process.
我已经编写了一个用户脚本,它使我们能够保存用户名和密码(以及由于机密性我无法提及的其他详细信息)。该脚本通过填写登录表单并单击提交按钮来检查用户帐户是否存在。如果没有,它会为我们注册 - 从而使注册过程自动化。
Sharing cookies between subdomains on the same domain is easy. If I am on subdomain1.domain1.com I can save a cookie which can be retrieved by subdomain2.domain1.com. However, I would also like to save these for domain2. I do not appear to be able to get this to work.
在同一域的子域之间共享 cookie 很容易。如果我在 subdomain1.domain1.com 上,我可以保存一个可由 subdomain2.domain1.com 检索的 cookie。但是,我也想为 domain2 保存这些。我似乎无法让它发挥作用。
I can see two solutions from here - either:
我可以从这里看到两个解决方案 - 要么:
1) attach an iFrame using the userscript, which loads a site on domain2. This then uses the querystring to decide what to set to what, or;
1) 使用用户脚本附加一个 iFrame,它在 domain2 上加载一个站点。然后使用查询字符串来决定将什么设置为什么,或者;
2) use a form with method="POST", and simply post to a file on each domain.
2) 使用带有method="POST" 的表单,并简单地发布到每个域上的文件。
Either way will be resource intensive, particularly if the cookies are updated each time a cookie changes. We also have URL masking in place. So we'd also have to take into account sites like abc.clientdomain1.com, abc.clientdomain2.com etc.
无论哪种方式都会占用大量资源,尤其是在每次 cookie 更改时都会更新 cookie。我们也有 URL 掩码。因此,我们还必须考虑像 abc.clientdomain1.com、abc.clientdomain2.com 等站点。
Does anyone know of an easier way to do achieve this?
有谁知道更简单的方法来实现这一目标?
采纳答案by AlienWebguy
Create a common domain specifically for your cookies and use it as a getter/setter API.
专门为您的 cookie 创建一个公共域,并将其用作 getter/setter API。
http://cookie.domain.com/set/domain1
http://cookie.domain.com/get/domain1
http://cookie.domain.com/set/domain2
http://cookie.domain.com/get/domain2
and so on.
等等。
回答by Subin
This answer is a slightly different version of my answer on the question "Set cookie on multiple domains with PHP or JavaScript".
这个答案与我对“使用 PHP 或 JavaScript 在多个域上设置 cookie”问题的答案略有不同。
Do what Google is doing. Create a PHP(or any other server language file) file that sets the cookie on all 3 domains. Then on the domain where the login is going to be set, create a HTMLfile that would load the PHPfile that sets cookie on the other 2 domains. Example:
做谷歌正在做的事情。创建一个PHP(或任何其他服务器语言文件)文件,在所有 3 个域上设置 cookie。然后在要设置登录的域上,创建一个HTML文件,该文件将加载在其他 2 个域上设置 cookie的PHP文件。例子:
<html>
<head></head>
<body>
Please wait..........
<img src="http://domain2.com/setcookie.php?user=encryptedusername"/>
<img src="http://domain3.com/setcookie.php?user=encryptedusername"/>
</body>
</html>
Then add an onloadcallback on bodytag. The document will only load when the images completely load that is when cookies are set on the other 2 domains. Onload Callback :
然后在body标签上添加一个onload回调。该文档仅在图像完全加载时加载,即在其他 2 个域上设置 cookie 时。加载回调:
<head>
<script>
function loadComplete(){
window.location="http://domain1.com";//URL of domain1
}
</script>
</head>
<body onload="loadComplete()">
Now cookies are set on the threedomains.
现在 cookie 设置在三个域上。
回答by Jonathan Rich
Include a script tag from domain2 that sets the cookie using a username and hashed password:
包括来自 domain2 的脚本标签,该标签使用用户名和散列密码设置 cookie:
<script type="text/javascript" src="http://domain2.com/cookie_login_page.php?username=johnsmith&hash=1614aasdfgh213g"></script>
You can then check to ensure that the hashed passwords match (one way).
然后,您可以检查以确保散列密码匹配(一种方式)。
Key points:
关键点:
Make the hashes in the URL time sensitive by appending a timestamp that will be agreed upon by the server (for example, 16:00, 16:10, etc) before hashing the string. If you're using HTTPS this is less of an issue.
If your passwords are already hashed, it wont hurt to double-hash the passwords assuming the salts are the same on both servers.
通过在对字符串进行哈希处理之前附加服务器同意的时间戳(例如 16:00、16:10 等),使 URL 中的哈希值对时间敏感。如果您使用 HTTPS,这不是问题。
如果您的密码已经散列,假设两台服务器上的盐相同,那么对密码进行双重散列不会有什么坏处。
Sample PHP code:
示例 PHP 代码:
src:
源代码:
<script type="text/javascript" src="/cookie_login_page.php?username=<?php echo $username; ?>&hash=<?php echo md5($password . date('H')); ?>"></script>
dest:
目的地:
<?php
$password = get_password($_GET['username']);
if($_GET['hash'] == md5($password . date('H')) {
// set the cookie
}
回答by cdeszaq
For security reasons, sites cannot set or retrieve cookies on other domains. Scripting the form submit via javascript is likely the easiest to do, and will still store the cooikes you need in the browser cache.
出于安全原因,站点无法在其他域上设置或检索 cookie。通过 javascript 编写表单提交脚本可能是最容易做到的,并且仍会将您需要的 cookie 存储在浏览器缓存中。
回答by Craig
As stated by others, you can't access cookies across domains. However, if you have control of the server code, you can return information in the body, and allow your client to read and store that information per server.
正如其他人所说,您无法跨域访问 cookie。但是,如果您可以控制服务器代码,则可以在正文中返回信息,并允许您的客户端读取和存储每个服务器的信息。
In my case, I'm connecting a single client to multiple servers, maintaining an authenticated connection to each one. I need to know when the session for each one is going to expire, so the authentication service returns the cookie, plus it modifies the body of the response to send the relevant data back, so that I can read that data and set my own cookies.
就我而言,我将单个客户端连接到多个服务器,并与每个服务器保持经过身份验证的连接。我需要知道每个会话的会话何时到期,因此身份验证服务返回 cookie,并修改响应正文以将相关数据发回,以便我可以读取该数据并设置我自己的 cookie .
By doing this, I can manually track what I need. Won't work in every scenario, but might for some like me.
通过这样做,我可以手动跟踪我需要的内容。不会在所有情况下都有效,但可能适用于像我这样的人。
