Django session cookie: from (any) other domain, check if user is logged in

杀马特。学长 韩版系。学妹 submitted on 2019-12-13 20:43:21

Question


I have a domain domain1.com. The user logs in and a cookie is set. This is done using Django sessions.

I then go to another domain domain2.com. This domain runs javascript. From this javascript, I want to see if the user is logged into domain1.com.

Is this possible? Can I see a cookie belonging to domain1 from domain2? Or can I somehow via ajax make a call to domain1 to check if the user is logged in?

Also, the user might originally have logged into domain1 from Chrome, but now they are accessing domain2 from another browser. Aren't cookies browser specific?

EDIT:

The real problem I am trying to solve? (re comment below): I have created a Chrome extension. When the user presses the extension icon from domain2, a javascript is run, which collects information from the page. This information needs to be sent to the user's account on domain1. Note that domain2 can be ANY domain, not one that I have created.

What I tried with AJAX and cookies.

set cookie from domain1:

response.set_cookie("user_cookie", value="somevalue", max_age=60*60, expires=None, path='/', domain=None, secure=None, httponly=False)

Create Python function, which is executed from domain1.com/checklogin:

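from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def is_logged_in(request):
    # Report "1" when the user_cookie cookie is present on the request
    cookie = request.COOKIES.get('user_cookie')
    if cookie is not None:
        return HttpResponse("1")
    else:
        return HttpResponse("0")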

Go to domain1.com/checklogin -> The response is "1"

Call javascript from domain2 as follows:

var xmlHttp_1=new XMLHttpRequest();
xmlHttp_1.open("POST","http://domain1.com/checklogin/",false);
xmlHttp_1.send();
alert(xmlHttp_1.responseText);

The response here is, incorrectly, 0. It does not see the cookie created by domain1.

Note that domain1 is, at this point, localhost and domain2 is a real domain. Could this be the issue? It does properly call the function.


Answer 1:


> Is this possible? Can I see a cookie belonging to domain1 from domain2?

No. Cookies are restricted to domains (and their subdomains). A cookie for .foo.com is accessible to www.foo.com, zoo.foo.com but not bar.com.

> Or can I somehow via ajax make a call to domain1 to check if the user is logged in?

This is one way, yes, and it will work.

> Also, the user might originally have logged into domain1 from Chrome, but now they are accessing domain2 from another browser. Aren't cookies browser specific?

Yes, they are. If you are logged into Chrome, and you open Safari, you won't be logged in.




Answer 2:


Cookies are domain specific; you may share cookies between foo.example.com and bar.example.com but not between two domains. As a workaround, you need to send an AJAX request from domain two to domain one, check there if the cookie is set, and send the response back to domain two.

Check this SO question for reference: Setting default cookie domain for Django site with multiple domain names
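
The AJAX workaround both answers describe only works if the browser attaches domain1's cookie to the cross-origin request and domain1 authorises the calling origin to read the reply. The following is an added example, not code from the original post: a framework-free Python model of that exchange, in which ALLOWED_ORIGINS, SESSIONS, the example origins and the helper names are assumptions made for illustration.

```python
# Added example: model of a credentialed cross-origin login check.
# ALLOWED_ORIGINS, SESSIONS and the origins below are constructed sample values.
ALLOWED_ORIGINS = {"https://app.domain2.example"}   # hypothetical trusted caller
SESSIONS = {"abc123": "alice"}                      # constructed session store


def cors_headers(origin):
    """Return CORS headers for an allow-listed origin, else none at all."""
    if origin not in ALLOWED_ORIGINS:
        return {}                       # never reflect an arbitrary Origin
    return {
        "Access-Control-Allow-Origin": origin,       # exact origin, never "*"
        "Access-Control-Allow-Credentials": "true",  # required for cookies
        "Vary": "Origin",                            # keep caches per-origin
    }


def check_login(origin, cookies):
    """Server side: answer '1' only for a valid session from a trusted origin."""
    headers = cors_headers(origin)
    # "sessionid" is Django's default session cookie name
    logged_in = bool(headers) and cookies.get("sessionid") in SESSIONS
    return headers, "1" if logged_in else "0"


def browser_xhr(origin, cookie_jar, with_credentials):
    """Browser side: cookies are attached only when withCredentials is set,
    and the body is readable only if the CORS headers authorise this origin."""
    sent = dict(cookie_jar) if with_credentials else {}
    headers, body = check_login(origin, sent)
    if headers.get("Access-Control-Allow-Origin") != origin:
        return None                     # blocked: the script cannot read the body
    if with_credentials and headers.get("Access-Control-Allow-Credentials") != "true":
        return None
    return body


if __name__ == "__main__":
    jar = {"sessionid": "abc123"}       # cookie set earlier by domain1
    print(browser_xhr("https://app.domain2.example", jar, False))  # cookie not sent
    print(browser_xhr("https://app.domain2.example", jar, True))   # cookie sent
    print(browser_xhr("https://other.example", jar, True))         # not allow-listed
```

Current browsers also attach a cookie to a cross-site request only when it was set with SameSite=None and Secure, which this model does not simulate.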



Source: https://stackoverflow.com/questions/16163313/django-session-cookie-from-any-other-domain-check-if-user-is-logged-in
