浏览器不在同一服务器上通过不同端口发送的Cookie [英] Cookies not sent by browser on same server with different port

问题描述

我正在从运行在默认端口的服务器向客户端发送httponly/安全cookie.来自客户端的请求未为此指定任何端口号，而是作为响应返回了cookie.

I am sending a httponly/secure cookie to the client from my server running at default port. From the client, the request does not specify any port number for this and gets the cookie back in response.

当对具有不同端口的同一服务器进行另一次调用时，cookie不会发送到该服务器.反之，如果我在没有任何端口号的情况下拨打电话，则会发送Cookie.

When another call is made to the same server with different port, the cookies are not sent to the server. whereas if I make the call without any port number, the cookies are sent.

我在这里想念什么?是否需要启用任何功能才能使Cookie跨域发送.根据RFC 6265，Cookie不是特定于端口的，那么特定于浏览器的行为是否可以阻止这种情况?我已经尝试过Firefox和chrome，但两者都无法使用.

What am I missing here? Is there anything needs to be enabled in order for cookie to be sent cross domain. According to RFC 6265, cookies are not port specific, then is it specific browser behavior thats preventing this? I have tried Firefox and chrome and its not working on both.

推荐答案

尽管这是一个老问题，但我将其发布给遇到此问题并在这里找到自己的人.这很可能是由跨源策略引起的.

Although this is an old question, I'm posting this for people who encounter the problem and find themselves here. This is likely caused by cross origin policy.

可以通过确保您的服务器发送"允许凭证"CORS标头.然后，您需要向您的XHR发送" withCredentials "参数.

It can be circumvented by making sure your server sends "allow-credentials" CORS headers. And then you need to send your XHR with a "withCredentials" parameter.

这篇关于浏览器不在同一服务器上通过不同端口发送的Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！