Cross-Domain Cookies

抹茶落季 2020-11-21 21:56

I have two webapps WebApp1 and WebApp2 in two different domains.

  1. I am setting a cookie in WebApp1 in the HttpResponse.
  2. How to read the same cookie fro
15 Answers
  •  暖寄归人
    2020-11-21 22:40

    As far as I know, cookies are limited by the "same origin" policy. However, with CORS you can receive and use the "Server B" cookies to establish a persistent session from "Server A" on "Server B".

    Although, this requires some headers on "Server B":

    Access-Control-Allow-Origin: http://server-a.domain.com
    Access-Control-Allow-Credentials: true
    

    And you will need to send the flag "withCredentials" on all the "Server A" requests (ex: xhr.withCredentials = true;)

    You can read about it here:

    http://www.html5rocks.com/en/tutorials/cors/

    https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
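
The "Server B" side of the setup described in the answer above, as an added example that is not part of the original answer: a Node-style handler that echoes only allowlisted origins, answers the preflight, and sets a cookie a browser can send cross-site. The cookie name and value, the `server-b.example` URL, and the function names are assumptions made for illustration.

```javascript
// Added example. The allowlist entry comes from the answer; the cookie
// value and the Server B URL in the client comment are constructed.
const ALLOWED_ORIGINS = new Set(["http://server-a.domain.com"]);

// CORS headers for a request Origin; {} when it is not on the allowlist.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    // Echo one exact origin: browsers reject "*" on credentialed requests.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // Stop shared caches replaying one origin's response to another.
    "Vary": "Origin",
  };
}

// Node-style (req, res) handler, usable with http.createServer(handler).
function handler(req, res) {
  const origin = req.headers.origin;
  const headers = corsHeaders(origin);
  if (origin && !headers["Access-Control-Allow-Origin"]) {
    // Unlisted cross-origin caller: refuse server-side as well, because
    // CORS only hides the response and does not stop the request itself.
    res.writeHead(403, {});
    return res.end();
  }
  if (req.method === "OPTIONS") {
    // Preflight: permissions only, no cookie and no body.
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    res.writeHead(204, headers);
    return res.end();
  }
  // SameSite=Lax/Strict cookies are not sent on cross-site XHR/fetch;
  // SameSite=None is needed, and it is only accepted together with Secure.
  headers["Set-Cookie"] =
    "session=constructed-value; Path=/; HttpOnly; Secure; SameSite=None";
  headers["Content-Type"] = "application/json";
  res.writeHead(200, headers);
  res.end(JSON.stringify({ ok: true }));
}

// Browser side, from a page served by Server A:
//   const xhr = new XMLHttpRequest();
//   xhr.open("GET", "https://server-b.example/api");
//   xhr.withCredentials = true; // fetch: { credentials: "include" }
//   xhr.send();
```

Because a `SameSite=None` cookie accompanies requests from any site, the server-side Origin check is what keeps state-changing endpoints from being driven by pages outside the allowlist.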
