跨域Cookie [英] Cross-Domain Cookies

问题描述

如果我从其他域加载JS文件，浏览器通过

HTTP请求它，所以我假设它发送该域的任何相关cookie头;

为什么我不能访问它们？例如。假设我在一个文件中有这个文件

domain1.com：


< SCRIPT TYPE =" text / javascript" src =" http：//www.domain2.com/cookie.js">

< / SCRIPT>


和cookie.js我有


alert（document.cookie）;


在我看来它应该显示domain2的cookie，不是吗？但是它

显示了domain1的cookie。有没有办法让它做我想要的
想要什么？


-

Alan Little

Phorm PHP表格处理器
http://www.phorm.com/

If I load a JS file from a different domain, the browser requests it via
HTTP, so I assume it sends any relevant cookie headers for that domain;
why then can I not access them? E.g. suppose I have this in a file on
domain1.com:

<SCRIPT TYPE="text/javascript" src="http://www.domain2.com/cookie.js">
</SCRIPT>

and in cookie.js I have

alert(document.cookie);

It seems to me it should show me the cookies for domain2, no? But it
shows me the cookies for domain1. Is there a way to get it to do what I
want?

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/

推荐答案

在文章< Xn ********************** ****@216.196.97.131>，alan @ nosp-

am-phorm.com说...

In article <Xn**************************@216.196.97.131>, alan@n-o-s-p-
a-m-phorm.com says...

如果我从其他域加载JS文件，浏览器通过HTTP请求它，所以我假设它发送该域的任何相关cookie头;
为什么我不能访问它们？例如。假设我在
domain1.com上的文件中有这个：

< SCRIPT TYPE =" text / javascript" src =" http://www.domain2.com/cookie.js">
< / SCRIPT>

在cookie.js我有

alert（document.cookie）;

在我看来它应该显示domain2的cookie，不是吗？但是它向我展示了domain1的cookie。有没有办法让它做我想要做的事情？

If I load a JS file from a different domain, the browser requests it via
HTTP, so I assume it sends any relevant cookie headers for that domain;
why then can I not access them? E.g. suppose I have this in a file on
domain1.com:

<SCRIPT TYPE="text/javascript" src="http://www.domain2.com/cookie.js">
</SCRIPT>

and in cookie.js I have

alert(document.cookie);

It seems to me it should show me the cookies for domain2, no? But it
shows me the cookies for domain1. Is there a way to get it to do what I
want?

人们希望不会 - 阻止不道德的开发者试图做什么？ />
在你不知情的情况下从其他网站获取cookie数据？


-

Hywel http://kibo.org.uk/

我不吃乳蛋饼。

One would hope not - what''s to stop unscrupulous developers from trying
to grab cookie data from other sites without your knowledge?

--
Hywel http://kibo.org.uk/
I do not eat quiche.

" Alan Little" <人** @ n-o-s-p-a-m-phorm.com>在留言中写道

news：Xn ************************** @ 216.196.97.131 ..。

"Alan Little" <al**@n-o-s-p-a-m-phorm.com> wrote in message
news:Xn**************************@216.196.97.131.. .

如果我从不同的域加载JS文件，浏览器通过HTTP请求它，所以我假设它发送该域的任何相关cookie头;
为什么我不能访问他们？例如。假设我在
domain1.com上的文件中有这个：

< SCRIPT TYPE =" text / javascript" src =" http://www.domain2.com/cookie.js">
< / SCRIPT>

在cookie.js我有

alert（document.cookie）;

在我看来它应该显示domain2的cookie，不是吗？但是它向我展示了domain1的cookie。有没有办法让它做我想要做的事情？

-
Alan Little
Phorm PHP表格处理器
http://www.phorm.com/

If I load a JS file from a different domain, the browser requests it via
HTTP, so I assume it sends any relevant cookie headers for that domain;
why then can I not access them? E.g. suppose I have this in a file on
domain1.com:

<SCRIPT TYPE="text/javascript" src="http://www.domain2.com/cookie.js">
</SCRIPT>

and in cookie.js I have

alert(document.cookie);

It seems to me it should show me the cookies for domain2, no? But it
shows me the cookies for domain1. Is there a way to get it to do what I
want?

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/

我不相信这是可能的，因为Jenkins先生

说明了这个原因。如果你偶然拥有这两个域，你必须在第二个域上制作一个php

脚本来读取它自己的cookie然后以这种方式传输数据

。至于直接在另一个域中读取它，你应该

无法做到。


-

Matthew Hagston

I do not belive this is possible for just this reasons that Mr. Jenkins
stated. If by chance you own both domains you would have to make a php
script on the second domain to read it''s own cookie then transfer the data
that way. As far as directly reading it across another domain, you should
not be able to do it.

--
Matthew Hagston

在生动的岩石上刻上神秘的符文，

comp.lang.javascript的Hywel Jenkins的最后一句话： br>

Carved in mystic runes upon the very living rock, the last words of
Hywel Jenkins of comp.lang.javascript make plain:

在文章< Xn ************************** @ 216.196.97.131>，< brlan> alan @ nosp- am-phorm.com说...

In article <Xn**************************@216.196.97.131>,
alan@n-o-s-p- a-m-phorm.com says...

如果我从其他域加载一个JS文件，浏览器会通过HTTP请求它，所以我假设它发送该
域的任何相关cookie标头;为什么我不能访问它们？例如。假设我在domain1.com上的
文件中有这个：

< SCRIPT TYPE =" text / javascript"
src =" http：//www.domain2的.com / cookie.js"> < / SCRIPT>

并且在cookie.js中我有警告（document.cookie）;

在我看来它应该显示我是domain2的cookie，不是吗？但是它向我展示了domain1的cookie。有没有办法让它做我想要的事情？

If I load a JS file from a different domain, the browser requests it
via HTTP, so I assume it sends any relevant cookie headers for that
domain; why then can I not access them? E.g. suppose I have this in a
file on domain1.com:

<SCRIPT TYPE="text/javascript"
src="http://www.domain2.com/cookie.js"> </SCRIPT>

and in cookie.js I have

alert(document.cookie);

It seems to me it should show me the cookies for domain2, no? But it
shows me the cookies for domain1. Is there a way to get it to do what
I want?

有人希望不会 - 阻止不道德的开发者试图抓住什么？在你不知情的情况下来自其他网站的cookie数据？

One would hope not - what''s to stop unscrupulous developers from
trying to grab cookie data from other sites without your knowledge?

因为它会依赖于另一端的javascript来提供

数据。这两个网站必须合作。


-

Alan Little

Phorm PHP表格处理器
http://www.phorm.com/

这篇关于跨域Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！