How does PHP operate on cross-domain cookies on different servers?

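First, there are two domain names on different subdomains, resolving to different servers, and of course the directories are different too. When I attempt a cross-domain operation (deleting a COOKIE), it fails. It cannot be done.
I have tried the P3P protocol and it still does not work. Is there a way to achieve this?

Replies: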

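Cookies are defined in the RFC2109 standard. Most cookie operations are implemented by the client, that is, the browser.

Each cookie represents a key-value pair, together with a scope and a life cycle.

Cookie field definitions

Scope: path, domain

Life cycle: the cookie's expiry time, expires (GMT, UTC time standard)

Security scope: HttpOnly, Secure

Cross-domain access involves the scope and the security scope.

If you do not manipulate cookies with js, you can ignore the security scope.

The above may be a bit abstract, but you can open chrome and press F12 -> Resources -> Cookies

and you will see something like the following:

[Screenshot]

All of the above is concepts and filler. The important part is below.

The server is only the receiver and parser of cookies. The browser, that is, the client, decides which cookies to send to the server.

And if the client follows the standard, RFC2109 (which is basically always the case), it sends cookies according to the cookie's path and domain.

Let's assume we now have two domains.

  • oauth2.php123.com
  • www.php123.com

If you want the client to also send the cookies under www.php123.com to oauth2.php123.com, then you need to set the domain to php123.com when calling setcookie().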

<code>Definition of the PHP library function setcookie:
bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
</code>

Here is a more concrete example.

<code><?php
// oauth2.php123.com/cookie.php
setcookie("foo1", "bar1", time() + 3600, "/", "php123.com");
setcookie("foo2", "bar2", time() + 3600); // domain defaults to the current domain
setcookie("foo3", "bar3", time() + 3600, "/", "www.php123.com");
</code>
<code><?php
// www.php123.com/cookie.php
print_r($_COOKIE);

// output  array( 'foo1' => 'bar1', 'foo3'=> 'bar3' )

// ['foo2' => 'bar2'] was not received, because the client only sends cookies whose domain is `php123.com` or `www.php123.com` to the www.php123.com domain. So cookie.php received only the two cookies it should receive.
</code>

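The code above explains well how cookies work. A good understanding of how cookies work and of their mechanism lets you implement many advanced features, such as distributed session sharing.

The reverse also holds; work it out for yourself.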
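
Added example, not part of the original answer: a PHP model of the browser-side checks in RFC 6265 (the Domain check when a cookie is stored and the domain-match when it is sent), run over the three setcookie() calls above. Under these rules a Domain value that the setting host does not itself match, such as a sibling subdomain, is discarded at storage time; the function names are illustrative and the public-suffix check is omitted.

```php
<?php
// Added example: RFC 6265 domain-match (5.1.3) and storage check (5.3).
// A real browser also applies a public-suffix check, omitted here.
function domainMatches(string $host, string $domain): bool
{
    $host = strtolower($host);
    $suffix = '.' . strtolower(ltrim($domain, '.'));
    // Equal, or a suffix on a label boundary; IP addresses never suffix-match.
    return '.' . $host === $suffix
        || (filter_var($host, FILTER_VALIDATE_IP) === false
            && substr($host, -strlen($suffix)) === $suffix);
}

/** Cookie as stored when $setHost sends it, or null if rejected. */
function storeCookie(string $setHost, string $name, ?string $domain): ?array
{
    if ($domain === null) { // no Domain attribute: host-only cookie
        return ['name' => $name, 'domain' => strtolower($setHost), 'hostOnly' => true];
    }
    if (!domainMatches($setHost, $domain)) {
        return null; // a host cannot set a cookie for a sibling domain
    }
    return ['name' => $name, 'domain' => strtolower(ltrim($domain, '.')), 'hostOnly' => false];
}

/** Names of the stored cookies attached to a request for $requestHost. */
function cookiesSentTo(string $requestHost, array $jar): array
{
    $sent = [];
    foreach ($jar as $c) {
        $match = $c['hostOnly']
            ? strtolower($requestHost) === $c['domain']
            : domainMatches($requestHost, $c['domain']);
        if ($match) {
            $sent[] = $c['name'];
        }
    }
    return $sent;
}

// Constructed input: the three setcookie() calls, issued by oauth2.php123.com.
$jar = array_filter([
    storeCookie('oauth2.php123.com', 'foo1', 'php123.com'),
    storeCookie('oauth2.php123.com', 'foo2', null),
    storeCookie('oauth2.php123.com', 'foo3', 'www.php123.com'),
]);
foreach (['www.php123.com', 'oauth2.php123.com'] as $host) {
    echo $host, ': ', implode(', ', cookiesSentTo($host, $jar)), PHP_EOL;
}
```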

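1. The answer above gave the solution for subdomains. It is simple: on each call, specify the cookie's domain as the subdomain. This approach is entirely usable.
http://stackoverflow.com/questions/22029530/sessions-cookies-shared-on-subdomains/22030121#22030121

2. The P3P protocol. It is the solution for cross-domain cookies. Site a creates the cookie, site b deletes site a's cookie.
Site b adds a cross-domain js include: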

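<code><?php echo '<script src="http://www.a.com/delete-site-a-cookie.php?cookie_name=test"></script>';
</code>

Site a receives the parameter and performs the deletion:

<code><?php
// filter_cookie_name();
$cookie_name = $_GET['cookie_name'] ?? '';
setcookie($cookie_name, '', time() - 3600, '/');
</code>

However, it fails under IE... The reason is the browser's security policy, so P3P has to be used. Before deleting, add the protocol:

<code><?php
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

// filter_cookie_name();
$cookie_name = $_GET['cookie_name'] ?? '';
setcookie($cookie_name, '', time() - 3600, '/');
</code>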

Now, take another look...
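
Added example, not the original answer's code: one way site a's delete-site-a-cookie.php could fill in the filter_cookie_name() step, since as posted the endpoint clears whichever cookie name the request supplies, for any caller. The two allowlists, the Referer-based caller check and the Path=/ assumption are illustrative.

```php
<?php
// Added example: site a's deletion endpoint with the cookie-name filter
// and a caller check filled in. Allowlist contents are assumptions.
const DELETABLE_COOKIES = ['test'];      // names site b may clear
const TRUSTED_CALLERS   = ['www.b.com']; // hosts allowed to embed this script

/** Host part of the Referer header, or null when absent or malformed. */
function callerHost(array $server): ?string
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

/** Decide whether this request may delete the cookie called $name. */
function mayDelete(string $name, array $server): bool
{
    // A request without a Referer is refused rather than trusted.
    return in_array($name, DELETABLE_COOKIES, true)
        && in_array(callerHost($server), TRUSTED_CALLERS, true);
}

$name = $_GET['cookie_name'] ?? '';
if (!is_string($name) || !mayDelete($name, $_SERVER)) {
    http_response_code(403);
    exit;
}

// Path (and Domain, if one was used) must equal the values the cookie was
// set with, otherwise the browser treats this as a different cookie.
setcookie($name, '', time() - 3600, '/');
header('Content-Type: application/javascript');
echo '/* cookie cleared */';
```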

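Cross-domain has nothing to do with PHP. Cookies are passed through request headers; once PHP receives the request, it can always get the cookies.

If it is www.a.com and www.b.com, there is no way to do cross-domain operations; you can use a workaround such as jsonp to solve it.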
