Cookie&来自另一个域的框架? [英] Cookie & Frame from another domain?
问题描述
我有一个功能托管在与主框架不同的域中,并且需要在cookie中保留值。
$ b $例如:one.com上的一个网页包含一个框架,其中有一个页面托管在
two.com
如果我从一个查看框架集。在Firefox中,一切都适用于来自two.com的
内容。但如果尝试使用IE浏览器(使用标准
安全设置),则无法访问由two.com设置的cookie。
一直在修改setcookie函数中的域设置为
指定域名:尝试过one.com和two.com,但未能获得
来获取cookie值。
如何让它工作?
I have a feature that is hosted on a different domain from the primary one
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
Have been tinkering with the domain setting in the setcookie function to
specify the domain: have tried one.com and two.com, but have not been able
to get at the cookie value.
How can I get this to work?
推荐答案
>我有一个托管的功能在一个框架中与主要的
>I have a feature that is hosted on a different domain from the primary one
不同的域,并且需要在cookie中保留值。
示例:one.com上的网页包含一个框架,有一个页面在
two.com上托管
如果我在Firefox中查看one.com的框架集,一切都与来自two.com的
内容很好地配合。但如果尝试使用IE浏览器(使用标准的安全设置),则无法访问由two.com设置的cookie。
一直在修改setcookie功能中的域设置
指定域名:已尝试过one.com和two.com,但未能获得cookie值。
我怎样才能使用它?
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
Have been tinkering with the domain setting in the setcookie function to
specify the domain: have tried one.com and two.com, but have not been able
to get at the cookie value.
How can I get this to work?
希望你不能在任何浏览器上。来自一个域名的Cookie不应该是b $ b应该发送给另一个域名。对于许多,许多,使用cookies,
这是一个很大的安全漏洞(你正在递交凭据登录到一个
网站到另一个网站,会话劫持很容易。
Gordon L. Burditt
Hopefully you can''t on any browser. Cookies from one domain aren''t
supposed to be sent to another. For many, many, uses of cookies,
it''s a BIG security hole (you''re handing credentials to log into one
web site to another web site, which makes session hijacking easy).
Gordon L. Burditt
是的,但它实际上可以在我拥有的任何浏览器上运行除了IE浏览器之外
(包括Netscape,Firefox Win,Firefox Linux,Safari Mac)。
框架中的页面确实有一个与之关联的域名,该域名是否可以使用
cookie? (但不一定是
领域框架的领域)
" Gordon Burditt" <去*********** @ burditt.org>在消息中写道
news:12 ************* @ corp.supernews.com ...
Yes, but it does actually work on any browser I have seen aside from IE
(including Netscape, Firefox Win, Firefox Linux, Safari Mac).
The page in the frame does have a domain associated with it, shouldn''t the
cookie be available to that domain? (But not necessarily to the domain of
the hosting frame)
"Gordon Burditt" <go***********@burditt.org> wrote in message
news:12*************@corp.supernews.com...
我有一个功能,它在一个框架中与主要一个
不同的域上托管,并且需要在cookie中保留值。
例如:一个网络one.com上的页面包含一个框架,其页面由
two.com托管
如果我在Firefox中查看来自one.com的框架集,则所有内容都适用于
来自two.com的内容。但如果尝试使用IE浏览器(使用标准的安全设置),则无法访问由two.com设置的cookie。
一直在修改setcookie功能中的域设置
指定域名:已尝试过one.com和two.com,但未能获得cookie值。
我怎样才能使用它?
I have a feature that is hosted on a different domain from the primary
one
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
Have been tinkering with the domain setting in the setcookie function to
specify the domain: have tried one.com and two.com, but have not been able
to get at the cookie value.
How can I get this to work?
希望你不能在任何浏览器上。来自一个域的Cookie不应该发送给另一个域。对于许多,许多,使用cookies,
它是一个很大的安全漏洞(你将凭据交给一个
网站到另一个网站,这使得会话劫持变得容易)。 br />
Gordon L. Burditt
Hopefully you can''t on any browser. Cookies from one domain aren''t
supposed to be sent to another. For many, many, uses of cookies,
it''s a BIG security hole (you''re handing credentials to log into one
web site to another web site, which makes session hijacking easy).
Gordon L. Burditt
" Bruno" &小于20 *** @ TimesOnThe.Net>在消息中写道
新闻:D0 ***************** @ news20.bellglobal.com ...
"Bruno" <20***@TimesOnThe.Net> wrote in message
news:D0*****************@news20.bellglobal.com...
是的,但它确实适用于我在IE浏览器中看到的任何浏览器(包括Netscape,Firefox Win,Firefox Linux,Safari Mac)。
框架中的页面确实有一个域关联有了它,该域名不应该有cookie吗? (但不一定是主机框架的领域)
依靠明显的安全漏洞来实现功能并不完全是
计划在未来:)
在页面中有一个框架能够从域中读取cookie,其中框架所在的区域是一个令人讨厌的东西。有人可能会以某种方式将一个框架注入到一个
网站的HTML中,并让该框架在第二台服务器上显示一个页面,
并且这将给出第二个服务器访问该页面上第一个
服务器的cookie。讨厌的东西。
Gordon Burditt <去*********** @ burditt.org>在消息中写道
新闻:12 ************* @ corp.supernews.com ...
Yes, but it does actually work on any browser I have seen aside from IE
(including Netscape, Firefox Win, Firefox Linux, Safari Mac).
The page in the frame does have a domain associated with it, shouldn''t the
cookie be available to that domain? (But not necessarily to the domain of
the hosting frame)
Relying on an obvious security flaw for functionality is not exactly
planning on the future :)
Having a frame in a page be able to read cookies from the domain in which
the frame is situated is a nasty thing. Someone could inject a frame into a
site''s HTML somehow, and have that frame bring up a page on a second server,
and that''ll give the second server access to the cookies of the first
server, on that page. Nasty stuff.
"Gordon Burditt" <go***********@burditt.org> wrote in message
news:12*************@corp.supernews.com...
>我有一个功能,它在一个框架中与主要
一个不同的域上托管,并且需要在cookie中保留值。
示例:一个Web one.com上的页面包含一个框架,其中有一个页面托管
两个网站
如果我在Firefox中查看one.com的框架集,一切都适用于
来自two.com的内容。但如果尝试使用IE浏览器(使用标准的安全设置),则无法访问由two.com设置的cookie。
一直在修改setcookie功能中的域设置
指定域名:尝试过one.com和two.com,但是没有能够获得cookie值。
我怎样才能获得这个工作?
>I have a feature that is hosted on a different domain from the primary
>one
in a frame, and need to retain values in a cookie.
example: A web page at one.com contains a frame which has a page hosted
at
two.com
If I view the frameset from one.com in Firefox, all works well with the
content from two.com. But if trying to view this using IE (with standard
security settings), the cookie set by two.com is not accessible.
Have been tinkering with the domain setting in the setcookie function to
specify the domain: have tried one.com and two.com, but have not been
able
to get at the cookie value.
How can I get this to work?
希望你不能在任何浏览器上。来自一个域的Cookie不应该发送给另一个域。对于许多,许多,使用cookies,
它是一个很大的安全漏洞(你将凭据交给一个
网站到另一个网站,这使得会话劫持变得容易)。 br />
Gordon L. Burditt
Hopefully you can''t on any browser. Cookies from one domain aren''t
supposed to be sent to another. For many, many, uses of cookies,
it''s a BIG security hole (you''re handing credentials to log into one
web site to another web site, which makes session hijacking easy).
Gordon L. Burditt
这篇关于Cookie&来自另一个域的框架?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
