为了做一个免登陆,需要回写非当前域名的cookie
,使用cookie.setDomain(".test.com"); response.addCookie(cookie);
不起作用,请教下为什么?
大家讲道理2017-04-18 09:51:00
If it is a second-level domain name of the current domain name, it seems to be possible, otherwise it is not supported. This is a requirement in the security specification, and browser implementers will not do this unless you make a browser yourself.
天蓬老师2017-04-18 09:51:00
Set up on your frontend page
document.domain = 'test.cn'; //这样就能读取到一级域名下(不同的二级域名也能读取的到)得所有cookie
Pay attention to whether different cookie-names are set in the background
PHPz2017-04-18 09:51:00
HTTP specification constraints prohibit cross-domain reading and writing of cookies. Although the browser received the cookie sent by the server (which is illegal), it simply ignored it.