如何为另一个域设置cookie

时间:2021-08-31 04:43:22

Say I have a website called a.com, and when a specific page of this site is loaded, say page link, I like to set a cookie for another site called b.com, then redirect the user to b.com.

假设我有一个叫做a.com的网站,当这个网站的特定页面被加载时,比如页面链接,我喜欢为另一个叫做b.com的网站设置一个cookie,然后将用户重定向到b.com。

I mean, on load of a.com/link I want to set a cookie for b.com and redirect user to b.com.

我的意思是,在加载a.com/link时,我想为b.com设置一个cookie并将用户重定向到b.com。

I tested it, and browser actually received the cookie from a.com/link, but it didn't send that cookie on the redirection request to b.com. Is it normal?

我对它进行了测试,浏览器实际上从a.com/link.com收到了cookie,但它并没有将该cookie发送到b.com的重定向请求。是正常的吗?

Can we set cookies for other domains?

我们可以为其他域设置cookie吗?

8 个解决方案

#1


88  

You cannot set cookies for another domain. Allowing this would present an enormous security flaw.

不能为另一个域设置cookie。允许这样做会带来巨大的安全漏洞。

You need to get b.com to set the cookie. If a.com redirect the user to b.com/setcookie.php?c=value

你需要让b.com来设置cookie。如果网站将用户重定向到b.com/setcookie.php?

The setcookie script could contain the following to set the cookie and redirect to the correct page on b.com

setcookie脚本可以包含以下内容来设置cookie并重定向到b.com上的正确页面

<?php
    setcookie('a', $_GET['c']);
    header("Location: b.com/landingpage.php");
?>

#2


36  

Similar to the top answer, but instead of redirecting to the page and back again which will cause a bad user experience you can set an image on domain A.

类似于顶部的答案,但不是重定向到页面和返回,这将导致糟糕的用户体验,您可以在域a上设置一个图像。

<img src="http://www.example.com/cookie.php?val=123" style="display:none;">

And then on domain B that is example.com in cookie.php you'll have the following code:

然后在域名B上,也就是cookie中的example.com。php代码如下:

<?php
    setcookie('a', $_GET['val']);
?>

Hattip to Subin

Hattip,Subin

#3


12  

Probaly you can use Iframe for this. Facebook probably uses this technique. You can read more on this here. * uses similar technique, but with HTML5 local storage, more on this on their blog

你可以用Iframe来解决这个问题。Facebook可能会使用这种技术。你可以在这里读到更多。*使用了类似的技术,但是在HTML5本地存储中,更多的是在他们的博客上。

#4


4  

You can't. That would be a nasty security risk.

你不能。这将是一个严重的安全风险。

#5


4  

Setting cookies for another domain is not possible.

为另一个域设置cookie是不可能的。

If you want to pass data to another domain, you can encode this into the url.

如果希望将数据传递到另一个域,可以将其编码到url中。

a.com  ->  b.com/redirect?info=some+info (and set cookie) -> b.com/other+page

#6


2  

In case you have a.my-company.com and b.my-company.com instead of just a.com and b.com you can issue a cookie for .my-company.com domain - it will be accepted and sent to both of the domains.

如果你有一个。my-company.com和b.my-company.com,而不只是。a.com和b.com,你可以为。my-company.com域名发行一个cookie——它将被接受并发送到这两个域名。

#7


2  

see RFC6265:

看到RFC6265:

The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

用户代理将拒绝cookie,除非域属性指定包含源服务器的cookie的范围。例如,用户代理将从foo.example.com接收具有“example.com”或“foo.example.com”域属性的cookie,但是用户代理将不接受具有“bar. foo. com”或“baz.foo.example.com”域属性的cookie。

NOTE: For security reasons, many user agents are configured to reject Domain attributes that correspond to "public suffixes". For example, some user agents will reject Domain attributes of "com" or "co.uk". (See Section 5.3 for more information.)

注意:出于安全原因,许多用户代理被配置为拒绝与“公共后缀”对应的域属性。例如,一些用户代理将拒绝“com”或“co.uk”的域属性。(详见第5.3节)

But the above mentioned workaround with image/iframe works, though it's not recommended due to its insecurity.

但是上面提到的使用image/iframe的方法是可行的,但是由于不安全,不推荐使用它。

#8


0  

You can't, but... If you own both pages then...

你不能,但是……如果你同时拥有这两页……

1) You can send the data via query params (http://siteB.com/?key=value)

1)可以通过查询解析器(http://siteB.com/?key=value)发送数据

2) You can create an iframe of Site B inside site A and you can send post messages from one place to the other. As Site B is the owner of site B cookies it will be able to set whatever value you need by processing the correct post message. (You should prevent other unwanted senders to send messages to you! that is up to you and the mechanism you decide to use to prevent that from happening)

2)可以在A站点内创建B站点的iframe,可以从一个位置向另一个位置发送邮件。由于站点B是站点B cookie的所有者,它可以通过处理正确的post消息来设置所需的任何值。(你应该防止其他不必要的寄件人向你发送信息!这取决于你和你决定用来防止这种情况发生的机制)

#1


88  

You cannot set cookies for another domain. Allowing this would present an enormous security flaw.

不能为另一个域设置cookie。允许这样做会带来巨大的安全漏洞。

You need to get b.com to set the cookie. If a.com redirect the user to b.com/setcookie.php?c=value

你需要让b.com来设置cookie。如果网站将用户重定向到b.com/setcookie.php?

The setcookie script could contain the following to set the cookie and redirect to the correct page on b.com

setcookie脚本可以包含以下内容来设置cookie并重定向到b.com上的正确页面

<?php
    setcookie('a', $_GET['c']);
    header("Location: b.com/landingpage.php");
?>

#2


36  

Similar to the top answer, but instead of redirecting to the page and back again which will cause a bad user experience you can set an image on domain A.

类似于顶部的答案,但不是重定向到页面和返回,这将导致糟糕的用户体验,您可以在域a上设置一个图像。

<img src="http://www.example.com/cookie.php?val=123" style="display:none;">

And then on domain B that is example.com in cookie.php you'll have the following code:

然后在域名B上,也就是cookie中的example.com。php代码如下:

<?php
    setcookie('a', $_GET['val']);
?>

Hattip to Subin

Hattip,Subin

#3


12  

Probaly you can use Iframe for this. Facebook probably uses this technique. You can read more on this here. * uses similar technique, but with HTML5 local storage, more on this on their blog

你可以用Iframe来解决这个问题。Facebook可能会使用这种技术。你可以在这里读到更多。*使用了类似的技术,但是在HTML5本地存储中,更多的是在他们的博客上。

#4


4  

You can't. That would be a nasty security risk.

你不能。这将是一个严重的安全风险。

#5


4  

Setting cookies for another domain is not possible.

为另一个域设置cookie是不可能的。

If you want to pass data to another domain, you can encode this into the url.

如果希望将数据传递到另一个域,可以将其编码到url中。

a.com  ->  b.com/redirect?info=some+info (and set cookie) -> b.com/other+page

#6


2  

In case you have a.my-company.com and b.my-company.com instead of just a.com and b.com you can issue a cookie for .my-company.com domain - it will be accepted and sent to both of the domains.

如果你有一个。my-company.com和b.my-company.com,而不只是。a.com和b.com,你可以为。my-company.com域名发行一个cookie——它将被接受并发送到这两个域名。

#7


2  

see RFC6265:

看到RFC6265:

The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

用户代理将拒绝cookie,除非域属性指定包含源服务器的cookie的范围。例如,用户代理将从foo.example.com接收具有“example.com”或“foo.example.com”域属性的cookie,但是用户代理将不接受具有“bar. foo. com”或“baz.foo.example.com”域属性的cookie。

NOTE: For security reasons, many user agents are configured to reject Domain attributes that correspond to "public suffixes". For example, some user agents will reject Domain attributes of "com" or "co.uk". (See Section 5.3 for more information.)

注意:出于安全原因,许多用户代理被配置为拒绝与“公共后缀”对应的域属性。例如,一些用户代理将拒绝“com”或“co.uk”的域属性。(详见第5.3节)

But the above mentioned workaround with image/iframe works, though it's not recommended due to its insecurity.

但是上面提到的使用image/iframe的方法是可行的,但是由于不安全,不推荐使用它。

#8


0  

You can't, but... If you own both pages then...

你不能,但是……如果你同时拥有这两页……

1) You can send the data via query params (http://siteB.com/?key=value)

1)可以通过查询解析器(http://siteB.com/?key=value)发送数据

2) You can create an iframe of Site B inside site A and you can send post messages from one place to the other. As Site B is the owner of site B cookies it will be able to set whatever value you need by processing the correct post message. (You should prevent other unwanted senders to send messages to you! that is up to you and the mechanism you decide to use to prevent that from happening)

2)可以在A站点内创建B站点的iframe,可以从一个位置向另一个位置发送邮件。由于站点B是站点B cookie的所有者,它可以通过处理正确的post消息来设置所需的任何值。(你应该防止其他不必要的寄件人向你发送信息!这取决于你和你决定用来防止这种情况发生的机制)