在http和https之间共享dom存储 [英] Share dom storage between http and https

问题描述

我想要一种在客户端上存储信息的方法，可以通过我的站点的SSL和nonSSL版本访问。 localStorage是一个很好的机制，但它只能通过当前协议访问。

I would like a method of storing information on the client that can be accessed by both the SSL and nonSSL version of my site. localStorage is a great mechanism but it can only be accessed by the current protocol.

我希望能够通过javascript存储一条信息我的网站的ssl（http）部分，并在我的网站的SSL（https）部分访问它。

I'd like to be able to store a piece of information via javascript on the non-ssl(http) portion of my site and access it on the SSL (https) portion of my site.

有谁知道在ssl和非ssl页面之间共享存储的客户端信息的好方法？

Does anyone know of a good way to share stored client-side information between ssl and non-ssl pages?

我知道我总是可以默认使用cookie ...但我讨厌必须为每一个请求来回发送cookie。

I know I can always default to a cookie.. but I hate the idea of having to send the cookie back and forth for every single request.

推荐答案

根据导致此答案的评论编译;我欢迎@jeremyisawesome编辑他的最终技巧：

Compiled from the comments leading to this answer; I welcome @jeremyisawesome to edit in his final techniques:

拳头选择：在所有内容中使用SSL。许多用户都希望这样，而且（除了更高的资源使用率）几乎在所有方面都是一个优越的选择。这也是一个简单的解决方案。

Fist choice: Use SSL, across everything. Many users want that, and it is (with the exception of the somewhat higher resource use) a superior option in nearly every way. Also it is the trivial solution.

可悲的是，因为管理通常是一个正当理由，而你可以尝试以额外的安全从不伤害任何人的方式出售它点或其他什么，一个真正的解决方案将是首选。

Sadly, "Because Management" is often a valid reason, and while you can try selling it on the "extra security never hurt anyone" point or whatever, a real solution would be preferred.

我建议如下：复制DOM存储，并使用cookie（最小数据），AJAX，和一个哈希函数来检查是否需要更新DOM存储。确切的实现细节取决于您拥有的数据量，更改频率以及用户切换方的频率，但基本思路如下：

I propose the following: duplicate the DOM storage, and use a combination of cookie (with minimal data), AJAX, and a hash function to check if the DOM store needs to be updated. The exact implementation details depend on how much data you have, how frequently it changes, and how frequently users switch sides, but the basic idea is something like this:

1. 将数据及其哈希值保存到DOM。


2. 在cookie中发送哈希而不是完整数据。


3. JS检查该cookie哈希和DOM数据匹配。


4. 如果确定DOM已过期，请使用AJAX获取DOM的新数据，并异步更新它。

1. save data to DOM, along with its hash.
2. send hash in cookie instead of full data.
3. JS checks that cookie hash and DOM data match.
4. If DOM is determined to be out of date, use AJAX to acquire new data for DOM, and update it asynchronously.

使用安全会话cookie在HTTP和HTTPS页面之间切换 - 讨论了许多与切换有关的漏洞，但是那里有一些有用的东西。

Switching between HTTP and HTTPS pages with secure session-cookie -- there are a number of vulnerabilities discussed with switching, but there's some useful stuff there.

这篇关于在http和https之间共享dom存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！