A javascript application running on 10.0.0.1
tries to authenticate it's users with cross-domain ajax calls.
运行在10.0.0.1上的javascript应用程序试图通过跨域ajax调用对其用户进行身份验证。
The request looks like:
请求的样子:
function test(again){
$.ajax({
type: 'GET',
url: 'http://example.com/userinfo',
dataType: 'json',
success: function(userinfo){
if(again)
test(false);}});}
test(true);
The first response from the server tries to set a cookie:
服务器的第一个响应尝试设置一个cookie:
Access-control-allow-origin:http://10.0.0.1
Set-Cookie:PHPSESSID=uuj599r4k1ohp48f1poobil665; expires=Sat, 28-Jan-2012 17:10:40 GMT; path=/
But the second request does not include this cookie, nor do any other ajax requests to that domain.
但是第二个请求不包含此cookie,也不包含对该域的任何其他ajax请求。
I am not trying to read the cookie for another domain, I just want the application on the other domain to be able to set and read its own cookie.
我并不是要为另一个域读取cookie,我只是希望另一个域上的应用程序能够设置并读取它自己的cookie。
Is this possible?
这是可能的吗?
I have tested in Chrome and Firefox 9.
我已经测试过Chrome和Firefox 9。
4 个解决方案
#1
11
server should set header:
服务器应该设置标题:
response.Headers.Add("Access-Control-Allow-Credentials", "true");
client set to:
客户端设置为:
xhrFields: {
withCredentials: true
}
#2
10
As long as you are using a browser which supports CORS, cookies on the AJAX request should work. But you must set withCredentials
on the XMLHttpRequest
to true.
只要使用支持CORS的浏览器,AJAX请求上的cookie就可以工作。但是必须将XMLHttpRequest上的凭据设置为true。
See: The withCredentials attribute
看:withCredentials属性
I don't use JQuery but here's a question that deals specifically with setting withCredentials
via JQuery.
我不使用JQuery,但这里有一个问题专门处理通过JQuery设置凭据。
Sending credentials with cross-domain posts?
使用跨域post发送凭据?
#3
1
No, cookies cannot be shared cross domain. The same origin policy could be circumvented for AJAX calls using the Access-Control-*
headers assuming the browser supports them, but for cookies there's no way.
不,cookie不能共享跨域。假设浏览器支持AJAX调用,那么可以使用Access-Control-* header绕过相同的起源策略,但对于cookie来说,这是不可能的。
#4
0
+Darin Dimitrov suspects that "the cookie is not saved by the browser because it comes from another domain than the one hosting the page which is at the origin of this call".
+Darin Dimitrov怀疑“浏览器并没有保存cookie,因为它来自于另一个域,而不是承载这个调用的页面”。
However, the cookie gets set as desired when using JSONP, but JSONP is only for GET requests.
然而,当使用JSONP时,cookie会按需要设置,但是JSONP只用于GET请求。
My solution is to retrieve the cookie (a PHP session id) by loading the following php file in a <script>
:
我的解决方案是通过在
<? echo $_GET['callback'] . '("' . session_id() . '")'; ?>
And to pass the session id as a request variable in all cross-domain POST requests.
并将会话id作为请求变量在所有跨域POST请求中传递。
#1
11
server should set header:
服务器应该设置标题:
response.Headers.Add("Access-Control-Allow-Credentials", "true");
client set to:
客户端设置为:
xhrFields: {
withCredentials: true
}
#2
10
As long as you are using a browser which supports CORS, cookies on the AJAX request should work. But you must set withCredentials
on the XMLHttpRequest
to true.
只要使用支持CORS的浏览器,AJAX请求上的cookie就可以工作。但是必须将XMLHttpRequest上的凭据设置为true。
See: The withCredentials attribute
看:withCredentials属性
I don't use JQuery but here's a question that deals specifically with setting withCredentials
via JQuery.
我不使用JQuery,但这里有一个问题专门处理通过JQuery设置凭据。
Sending credentials with cross-domain posts?
使用跨域post发送凭据?
#3
1
No, cookies cannot be shared cross domain. The same origin policy could be circumvented for AJAX calls using the Access-Control-*
headers assuming the browser supports them, but for cookies there's no way.
不,cookie不能共享跨域。假设浏览器支持AJAX调用,那么可以使用Access-Control-* header绕过相同的起源策略,但对于cookie来说,这是不可能的。
#4
0
+Darin Dimitrov suspects that "the cookie is not saved by the browser because it comes from another domain than the one hosting the page which is at the origin of this call".
+Darin Dimitrov怀疑“浏览器并没有保存cookie,因为它来自于另一个域,而不是承载这个调用的页面”。
However, the cookie gets set as desired when using JSONP, but JSONP is only for GET requests.
然而,当使用JSONP时,cookie会按需要设置,但是JSONP只用于GET请求。
My solution is to retrieve the cookie (a PHP session id) by loading the following php file in a <script>
:
我的解决方案是通过在
<? echo $_GET['callback'] . '("' . session_id() . '")'; ?>
And to pass the session id as a request variable in all cross-domain POST requests.
并将会话id作为请求变量在所有跨域POST请求中传递。