
How to solve the problem of Ajax cross-domain access, session cannot be saved, etc.

Author: 一个新手 (Original)
2017-09-27 09:59:06 · 1854 views


Under the browser's protection rules, the sessionId we create is not saved by the browser on cross-domain requests. As a result, every time a request is made, the server treats it as coming from a new visitor rather than the same one. The following method solves this cross-domain problem.

Add configuration in ajax request

    $.ajax({
        url: url,        // add xhrFields and crossDomain below
        xhrFields: {            // allow credentials to be sent
            withCredentials: true
        },
        crossDomain: true,        // end of the added options
        success: function(result){
            alert("test");
        },
        error: function(){
        }
    });

About withCredentials

withCredentials: By default, cross-origin requests do not send credentials (cookies, HTTP authentication, client SSL certificates, etc.). You can specify that a particular request should send credentials by setting the withCredentials property to true. If the server accepts requests with credentials, it responds with the following HTTP header:

"Access-Control-Allow-Credentials: true"

If a request with credentials is sent but the server's response does not include the above header, the browser will not hand the response over to JavaScript (so responseText will be an empty string, status will be 0, and the onerror() event handler will be called). The server can also send this HTTP header in the preflight response to indicate that the origin is allowed to send requests with credentials.

Browsers that support the withCredentials attribute include Firefox 3.5+, Safari 4+ and Chrome. IE10 and earlier versions do not support it.

Note

After adding the basic cross-domain response headers, you also need to add Access-Control-Allow-Credentials: true.
In addition, due to Google's security policy, when withCredentials is true the Access-Control-Allow-Origin response header cannot use the wildcard '*'.
Otherwise, the browser reports:

    A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://url' is therefore not allowed access.
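
Because the wildcard is rejected, the server has to name the calling origin itself. The sketch below is an added example, not code from the original article: it picks the response headers from an exact-match allow-list rather than echoing whatever `Origin` arrives, and models the browser-side check described above. The names `ALLOWED_ORIGINS`, `corsHeaders` and `browserExposesResponse`, the sample origins and the allowed methods are all assumptions.

```javascript
// Added example. ALLOWED_ORIGINS, corsHeaders and browserExposesResponse are
// hypothetical names; the origins below are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Server side: build the CORS response headers for one request.
function corsHeaders(requestOrigin, method) {
  // Vary: Origin keeps shared caches from replaying one origin's headers to another.
  const headers = { "Vary": "Origin" };
  // Exact match only: no '*', no substring or suffix test, no blind echo of Origin.
  if (typeof requestOrigin !== "string" || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // no CORS headers, so the browser withholds the response
  }
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  headers["Access-Control-Allow-Credentials"] = "true";
  if (method === "OPTIONS") { // preflight: also state what the real request may use
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// Browser side (simplified model of the check described above): a response to a
// withCredentials request is exposed to script only if both headers line up.
function browserExposesResponse(headers, pageOrigin) {
  const allowOrigin = headers["Access-Control-Allow-Origin"];
  if (allowOrigin === "*") return false; // wildcard is rejected with credentials
  return allowOrigin === pageOrigin &&
    headers["Access-Control-Allow-Credentials"] === "true";
}

// Constructed sample requests: [Origin header, method]
const samples = [
  ["https://app.example.com", "GET"],
  ["https://admin.example.com", "OPTIONS"],
  ["https://app.example.com.lookalike.test", "GET"], // look-alike, not listed
  ["null", "GET"],                                     // sandboxed or file: pages
];
for (const [origin, method] of samples) {
  const headers = corsHeaders(origin, method);
  console.log(origin, method, browserExposesResponse(headers, origin), headers);
}
```

In current browsers the session cookie must also be set with `SameSite=None; Secure` before it is sent on cross-site requests.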

Other browsers remain to be tested.

