创建一个cookie失败与safari，chrome，即使用FF [英] creating a cookie failing with safari, chrome, ie but working with FF

问题描述

我们使用以下代码创建安全Cookie。一切都在Staging环境中正常工作，但是在生产环境中，以下代码无法在Safari，Chrome或IE中创建cookie，但它在Firefox中成功创建了一个cookie。

We are using the following code to create the security cookie. Everything works fine in Staging environment, however in the production environment the following code is unable to create a cookie in Safari, Chrome or IE but it does create a cookie successfully in Firefox. anything that you guys think i am missing or is wrong in here ?

public static void SetAuthenticationCookie(CustomIdentity identity)
        {
            ConfigSettings configSettings = ConfigHelper.GetConfigSettings();

            string cookieName = configSettings.CookieName;
            if (cookieName == null || cookieName.Trim() == String.Empty)
            {
                throw new Exception("CookieName entry not found in Web.config");
            }

            string cookieExpr = configSettings.CookieExpiration.ToString();

            string encryptedUserDetails = Encrypt(identity);

            HttpCookie userCookie = new HttpCookie(cookieName.ToUpper());
            if (cookieExpr != null && cookieExpr.Trim() != String.Empty)
            {
                userCookie.Expires = DateTime.Now.AddMinutes(int.Parse(cookieExpr));
            }
            userCookie.Values["UserDetails"] = encryptedUserDetails;
            userCookie.Values["Culture"] = configSettings.Customer.Culture;

            MyContext.Current.Response.Cookies.Add(userCookie);
        }

推荐答案

Safari和IE8默认接受第三方Cookie。

Safari and IE8 don't accept third-party cookies by default.

当您使用JSONP呼叫其他网域时，该脚本设置的每个Cookie都会被Safari和IE8阻止。没有什么你可以做的（在IE8中，你可以添加一个P3P策略，但是在Safari中不起作用）。

When you call out to another domain using JSONP, every cookie set by that script will be blocked by Safari and IE8. There is nothing you can do about that (in IE8, you could add a P3P policy, but that doesn't work in Safari).

有保持状态的解决方法（你必须手动管理状态，并在调用的javascript中使用document.cookie）

There are workarounds for maintaining state across JSONP calls, but it's pretty complicated (you'll have to manage state manually and use document.cookie in the called javascript)

另一种方法是，用户降低浏览器中的隐私设置，但这不是值得考虑IMHO的东西。

As an alternative, you can ask your users to lower the privacy settings in their browser, but this isn't something worth considering IMHO.

这篇关于创建一个cookie失败与safari，chrome，即使用FF的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！