问题
I have two sites - both are my projects. On site two, I need to check if the user is logged in on site one. I suppose to do this I should just create a script that puts a cookie into the body of an iframe and then read the iframe contents on site two. But I can't.
Here is a code I made for testing purposes:
http://jsbin.com/oqaza/edit
I got an error, that says:
"Permission denied for <http://jsbin.com> to get property HTMLDocument.nodeType from <http://www.google.com>."
回答1:
Iframe documents are subject to the Same Origin Policy - you can't access content on one host from a page on another host. The same is true of AJAX requests.
For modern browsers, one solution is Cross Document Messaging.
回答2:
As others have mentioned, using cookies is not a good option due to security concerns. You could do it by punting a logged in user back to the other site, checking the cookie, and punting them back to the page they were on with a query string indicating status, but this is clunky to say the least.
A better way would be to create a web service (or an MVC JsonResult if you are into .Net MVC) on site1 that can respond to an AJAX request from site2 regarding login status.
回答3:
I finally got it. Generally there is solution like "OpenID" (used even here on SO), but I discovered, that JSONP is easiest way to read cookies across domain :)
来源:https://stackoverflow.com/questions/2546592/reading-cookies-across-different-hosts