如何在Nginx中将会话/cookie从主域传递到子域? [英] How to pass session / cookie from main domain to subdomains in Nginx?

问题描述

所以我在主域中有一个子域的iframed页面，该子域页面要求用户登录并具有成员身份.

So I have an iframed page of my subdomain in my main domain, and this subdomain page requires user to be logged in and have a membership to be accessed.

基本上，我需要将会话变量和Cookie传递到子域，以便加载iframe.

Basically I need that the session variables and cookie are passed to the subdomain in order for the iframe to load.

如何在Nginx中实现这一目标?

How can I achieve this in Nginx ?

推荐答案

Cookie具有 domain 属性，该属性指定将它们从客户端发送到的域.例如，在PHP的 setcookie 函数中，第五个参数接受 $ domain字符串以在cookie中设置.默认情况下，该字段保留为空，这意味着它将在客户端收到请求时使用请求来自的域.

Cookies have a domain attribute, which specifies which domains they will be sent to from the client. For example, in PHP's setcookie function the 5th argument accepts a $domain string to set in the cookie. By default it's left blank which means it will use the domain the request came from when the client receives it.

cookie可用的域.将域设置为"www.example.com"将使Cookie在www子域和更高子域中可用.较低域名(例如"example.com")可用的Cookie将可访问较高子域名(例如"www.example.com").仍实施不推荐使用的旧版浏览器» RFC 2109 可能需要加引号.匹配所有子域.

The domain that the cookie is available to. Setting the domain to 'www.example.com' will make the cookie available in the www subdomain and higher subdomains. Cookies available to a lower domain, such as 'example.com' will be available to higher subdomains, such as 'www.example.com'. Older browsers still implementing the deprecated » RFC 2109 may require a leading . to match all subdomains.

因此，如果您将cookie设置为您的主域，则客户端UA将不会出现问题，使其可用于您的子域.

So if you set your cookie to your main domain the client UA won't have a problem making it available to your sub domain.

现在，iframe有点棘手了.例如，由于其不同的隐私策略规则，Internet Explorer可以对iframe进行不同的处理，并阻止iframe中的所有cookie.有关更多详细信息，请参见此问题.但是，Nginx实际上在所有这些方面都不应扮演被动角色.

Now, iframes are little trickier, however. For example, Internet Explorer can treat iframes differently due its varying privacy policy rules and block all cookies from an iframe. See this question for more details. However, Nginx really shouldn't play anything more than a passive role in all of this.

这篇关于如何在Nginx中将会话/cookie从主域传递到子域?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！