首先是两个不同子域的域名,解析在不同服务器上的,当然目录也不同的。我在进行跨域操作(删除COOKIE)时,失败。无法操作。
我尝试过P3P协议,还是不行,这有办法实现吗?
回复内容:
首先是两个不同子域的域名,解析在不同服务器上的,当然目录也不同的。我在进行跨域操作(删除COOKIE)时,失败。无法操作。
我尝试过P3P协议,还是不行,这有办法实现吗?
cookies 定义在 RFC2109 标准。cookies 的大部分操作,由客户端也就是浏览器实现。
cookies 每一个 cookie 代表着一个 key-value 键值对,以及作用范围,和生命周期。
cookie 字段定义
作用范围(Scope): path
, domain
生命周期(Life cycle):也就是cookie的过期时间,expires
(GMT,UTC) 时间标准
安全作用域(Security Scope):HttpOnly
, Secure
跨域访问涉及 作用范围(Scope), 安全作用域(Security Scope)
如果 你不使用 js 操作 Cookie 的话,可以忽略 安全作用域(Security Scope)。
以上可能有点 抽象,但是你可以打开 chrome 按 F12 -> Resources -> Cookies
可以看到,类似下面这样
以上都是感念跟废话。重要看下面。
服务端只是 cookie 的接收者和解析者。由浏览器也就是客户端决定是否要将哪些 cookies
发送到到服务端。
而客户端是参考标准实现 RFC2109
的话(基本都是这样)。是根据 cookie 的 path, 和 domain 来发送。
我们假设,我们现在有两个 domain.
- oauth2.php123.com
- www.php123.com
如果想让 客户端将 www.php123.com
下面的 cookie 也发送到 oauth2.php123.com
下面。那么你需要,在 setcookie() 的时候,将 domain
设置成为 php123.com
。
<code>php 库函数 setcookie 的定义 bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] ) </code>
来个实在点的例子吧。
<code>php</code><code>// oauth.php123.com/cookie.php <?php setcookie("foo1", "bar1", time() + 3600, "/", "php123.com") setcookie("foo2", "bar1", time() + 3600) //domain 默认使用,当前domain。 setcookie("foo3", "bar3", time() + 3600, "/", "www.php123.com") </code></code>
<code>php</code><code>// www.php123.com/cookie.php <?php print_r($_COOKIE) // output array( 'foo1' => 'bar1', 'foo3'=> 'bar3' ) // 没有拿到 ['foo2' => 'bar2'],那是因为客户端只需将 domain 为`php123.com`,`www.php123.com`的 cookie 发送到 www.php123.com 这个域上。所以 cookie.php 只拿到了该拿到的两个 cookie。 </code>
以上代码可以很好的解释 cookie 的工作方式。理解好 cookie 的工作及机制可以实现很多高级功能。比如分布式的 session 共享。
反之亦然,自己去领悟吧。
1、楼上给出了子域名下的解决方案。很简单,在每次调用时,指定cookie的域为子域名。完全可以采用此方案。
http://stackoverflow.com/questions/22029530/sessions-cookies-shared-on-subdomains/22030121#22030121
2、P3P协议。是解决cookie跨域时的方案。a站生成cookie,b站删除a站cookie。
b站加js跨域:
<code><?php echo '<script src="http//www.a.com/delete-site-a-cookie.php?cookie_name=test">'; </code>
a站接收参数,执行删除
<code><?php //filter_cookie_name(); setcookie($cookie_name, '', time()-3600, '/'); </code></code>
但是,ie下会失效。。。原因么事浏览器安全策略的问题了,所以就得用到p3p.在删除前,加上协议:
<code><?php header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); //filter_cookie_name(); setcookie(); </code></code>
现在,你再看看。。
跨域跟PHP 没关系,cookie是通过请求头传递的,PHP 收到了请求必然能得到cookie
如果是www.a.com,和www.b.com, 是没有办法实现跨域操作的, 可以用变通的方法,比如jsonp等来解决。

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Dreamweaver CS6
Visual web development tools

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
