如何限制子域中父域cookie的加载 [英] How to restrict loading of parent domain cookies in sub domain

问题描述

大家好，



我有一个问题。有两个域名

1. MyTest.com（父域名）

2. sub.MyTest.com（子域名）



来自父域的cookie可在子域中访问。我不希望这种情况发生。我知道我们可以通过在创建cookie时设置domain属性来限制它。但问题是我无法访问父域。



我可以限制在子域中创建的cookie只能在子域中访问但是我我无法限制来自父域的cookie。



请建议我该如何处理。





谢谢

解决方案

如果要限制在父域中设置的cookie是全局的，则必须设置绝对网址上的cookie



例如，设置cookie



http://www.test.com/



而不是 test.com



在 test.com上设置cookie >会在所有子域上设置它。



我认为子域名如 sub-domain.test.com 通常不受影响。

Rohan-Rajpoot：

现在来自父域的cookie即将来临正在创建SQL注入。

即使通过使用某些cookie以某种方式执行SQL注入漏洞，阻止任何cookie对于防止此漏洞也是毫无用处的。它的机制基本上与cookie完全无关，可以在没有任何cookie的情况下使用。具体方法如下： http://xkcd.com/327 [ ^ ]。



另请参阅： http://en.wikipedia.org/wiki/SQL_injection [ ^ ]。



请查看我过去的答案：

在com.ExecuteNonQuery（）中重新启动; [ ^ ]，

hi name没有显示在名称中？ [ ^ ]。



这是你真正需要使用的：http://msdn.microsoft.com/en-us/library/ff648339.aspx [ ^ ]。



< DD> -SA

Hi All,

I have an issue. There are two domains
1. MyTest.com (parent domain)
2. sub.MyTest.com (sub domain)

The cookies from the parent domain is accessible in the sub domain. I don't want this to happen. I know we can limit this by setting the domain property at the time of cookie creation. But the problem is that I don't have access to parent domain.

I can restrict the cookies being created in sub domain to be accessible only in sub domain but I am not able to restrict the cookies from the parent domain.

Please suggest how should I proceed in this.


Thanks

解决方案

If you want to restrict cookies that are set in the parent domain from being global, you have to set the cookie on the absolute url

For example, set the cookie on

http://www.test.com/

instead of test.com

Setting the cookie on test.com> would set it on all sub-domains.

I think sub-domains like sub-domain.test.com are not usually affected.

Rohan-Rajpoot:

Now the cookies from the parent domain is coming which are creating SQL injection.

Even if SQL injection exploit is somehow performed through the use of some cookies, blocking any cookies would be quite useless for prevention of this exploit. Its mechanism is basically totally unrelated to cookies and can be utilized without any cookies at all. This is how: http://xkcd.com/327[^].

See also: http://en.wikipedia.org/wiki/SQL_injection[^].

Please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].

This is what you really need to use: http://msdn.microsoft.com/en-us/library/ff648339.aspx[^].

—SA

这篇关于如何限制子域中父域cookie的加载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！