首先是两个不同子域的域名,解析在不同服务器上的,当然目录也不同的。我在进行跨域操作(删除COOKIE)时,失败。无法操作。
我尝试过P3P协议,还是不行,这有办法实现吗?
回复内容:
首先是两个不同子域的域名,解析在不同服务器上的,当然目录也不同的。我在进行跨域操作(删除COOKIE)时,失败。无法操作。
我尝试过P3P协议,还是不行,这有办法实现吗?
cookies 定义在 RFC2109 标准。cookies 的大部分操作,由客户端也就是浏览器实现。
cookies 每一个 cookie 代表着一个 key-value 键值对,以及作用范围,和生命周期。
cookie 字段定义
作用范围(Scope): path, domain
生命周期(Life cycle):也就是cookie的过期时间,expires (GMT,UTC) 时间标准
安全作用域(Security Scope):HttpOnly, Secure
跨域访问涉及 作用范围(Scope), 安全作用域(Security Scope)
如果 你不使用 js 操作 Cookie 的话,可以忽略 安全作用域(Security Scope)。
以上可能有点 抽象,但是你可以打开 chrome 按 F12 -> Resources -> Cookies
可以看到,类似下面这样
以上都是感念跟废话。重要看下面。
服务端只是 cookie 的接收者和解析者。由浏览器也就是客户端决定是否要将哪些 cookies 发送到到服务端。
而客户端是参考标准实现 RFC2109 的话(基本都是这样)。是根据 cookie 的 path, 和 domain 来发送。
我们假设,我们现在有两个 domain.
- oauth2.php123.com
- www.php123.com
如果想让 客户端将 www.php123.com 下面的 cookie 也发送到 oauth2.php123.com 下面。那么你需要,在 setcookie() 的时候,将 domain 设置成为 php123.com。
<code>php 库函数 setcookie 的定义 bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] ) </code>
来个实在点的例子吧。
<code>php</code><code>// oauth.php123.com/cookie.php
<?php setcookie("foo1", "bar1", time() + 3600, "/", "php123.com")
setcookie("foo2", "bar1", time() + 3600) //domain 默认使用,当前domain。
setcookie("foo3", "bar3", time() + 3600, "/", "www.php123.com")
</code></code>
<code>php</code><code>// www.php123.com/cookie.php <?php print_r($_COOKIE) // output array( 'foo1' => 'bar1', 'foo3'=> 'bar3' ) // 没有拿到 ['foo2' => 'bar2'],那是因为客户端只需将 domain 为`php123.com`,`www.php123.com`的 cookie 发送到 www.php123.com 这个域上。所以 cookie.php 只拿到了该拿到的两个 cookie。 </code>
以上代码可以很好的解释 cookie 的工作方式。理解好 cookie 的工作及机制可以实现很多高级功能。比如分布式的 session 共享。
反之亦然,自己去领悟吧。
1、楼上给出了子域名下的解决方案。很简单,在每次调用时,指定cookie的域为子域名。完全可以采用此方案。
http://stackoverflow.com/questions/22029530/sessions-cookies-shared-on-subdomains/22030121#22030121
2、P3P协议。是解决cookie跨域时的方案。a站生成cookie,b站删除a站cookie。
b站加js跨域:
<code><?php echo '<script src="http//www.a.com/delete-site-a-cookie.php?cookie_name=test">'; </code>
a站接收参数,执行删除
<code><?php //filter_cookie_name(); setcookie($cookie_name, '', time()-3600, '/'); </code></code>
但是,ie下会失效。。。原因么事浏览器安全策略的问题了,所以就得用到p3p.在删除前,加上协议:
<code><?php header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
//filter_cookie_name();
setcookie();
</code></code>
现在,你再看看。。
跨域跟PHP 没关系,cookie是通过请求头传递的,PHP 收到了请求必然能得到cookie
如果是www.a.com,和www.b.com, 是没有办法实现跨域操作的, 可以用变通的方法,比如jsonp等来解决。
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
