更改域的Cookie [英] Changing Cookie Domains

问题描述

我使用Apache作为代理我的应用程序的Web服务器，并想在运行，改变了的SessionID Cookie关联的域名。

I use apache as a proxy to my application web server and would like to on the fly, change the domain name associated with a sessionid cookie.

cookie拥有一个与之关联的.company.com域，我想使用Apachemod-rewrite（或一些类似模块），透明地改变域app.company.com。这可能吗 ？如果是这样，怎么会一步到位呢？

The cookie has a .company.com domain associated with it, and I would like using apache mod rewrite (or some similar module), transparently change the domain to app.company.com. Is this possible ? and if so, how would one go about it ?

推荐答案

您只能改变一个cookie的在客户端，或者当它在服务器上设置的领域。一旦一个cookie已定，它的路径和域信息只存在在客户端上。因此，现有的cookie无法在服务器上的域名改变，因为这些信息是不是从客户端发送到服务器。

You can only change the domain of a cookie on the client, or when it's being set on the server. Once a cookie has been set, the path and domain information for it only exists on the client. So existing cookies can't have their domain changed on the server, because that information isn't sent from the client to the server.

例如，如果你有一个cookie，看起来像这样在本地计算机上：

For example, if you have a cookie that looks like this on your local machine:

MYCOOKIE:123, domain:www.test.com, path:/

您的服务器将只接收：

MYCOOKIE:123 

在服务器上。为什么没有路径和域发送？由于浏览器不断在客户端上的信息，和犯规麻烦一起发送它，因为它只发送这个cookie到你的服务器的如果的页面在 www.test.com 并在路径的 / 的

on the server. Why isn't the path and domain sent? Because the browser keeps that information on the client, and doesnt bother sending it along, since it only sends this cookie to your server if the page is at www.test.com and at the path /.

由于这是你的服务器，你应该能够改变你的code，创建新的cookies。如果你觉得你需要做的是你的code之外的某种原因，你可以用类似下面的这样做，但你必须在如何您的cookie被写在头匹配它究竟是看究竟。在这一个可行的解决方案下面是一个未经考验的猜测，使用Apache的 mod_headers中：

Since it's your server, you should be able to change your code that creates new cookies. If you felt you needed to do it outside of your code for some reason, you could do so with something like the following, but you'd have to look exactly at how your cookie is being written in the header to match it exactly. The following is an untested guess at a workable solution for this, using Apache's mod_headers:

<IfModule mod_headers.c>
  Header edit Set-Cookie (.*)(domain=.company.com;)(.*) $1 domain=app.company.com; $2
</IfModule>

您也可以使用 mod_headers中来更改cookie收到客户端，像这样，如果需要的话：

You can also use mod_headers to change the cookie received from the client, like so, if need be:

<IfModule mod_headers.c>
  RequestHeader edit Cookie "OLD_COOKIE=([0-9a-zA-Z\-]*);" "NEW_COOKIE_NAME=$1;"
</IfModule>

这只会重命名你在请求接收cookies。

This would only rename cookies you receive in the request.

这篇关于更改域的Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！