Is it possible to have session/cookies if the request comes from a different origin?


Problem description

I am using a payment API. When I click on pay, it opens a new page in the browser, I do the payment on their platform and then, the user is redirected back to my website using a POST request. However, even if he was logged in when he quit my website, when he gets redirected back to my website and the origin is the payment platform, my user doesn't seem to still be logged in. He isn't logged out though, it's

Is there a way to keep the session active even when the origin is not the current website? So, I am on domain A, I click on a link to get the payment on domain B and when the payment is done, I'm redirected to domain A with my authentication (session).

Thank you very much!

Recommended answer

It's an issue with same-site cookie configuration, mainly observed on Chrome. You could try with SameSite=none with the secure flag; change this in the session configuration file. Also make sure you use HTTPS.
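The behaviour described in the question and the setting suggested in the answer, as an added example that is not part of the original post: it builds the session cookie header and runs a simplified model of the browser's decision for the payment platform's cross-site POST. The cookie name `session`, the sample value and the helper names are assumptions.

```python
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def build_session_cookie(value, samesite="None"):
    """Build the Set-Cookie value; the cookie name 'session' is an assumption."""
    jar = SimpleCookie()
    jar["session"] = value
    morsel = jar["session"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["secure"] = True  # required whenever SameSite=None is used
    morsel["samesite"] = samesite
    return morsel.OutputString()


def sent_cross_site(samesite, secure, method, top_level=True, scheme="https"):
    """Simplified model: does the browser attach the cookie to a cross-site request?"""
    if secure and scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    policy = (samesite or "Lax").lower()  # Chrome treats a missing attribute as Lax
    if policy == "none":
        return secure  # SameSite=None without Secure is rejected
    if policy == "lax":
        return top_level and method.upper() in SAFE_METHODS
    return False  # Strict: never sent on cross-site requests


def payment_return_results():
    """The gateway's POST back to the shop, evaluated for each cookie configuration."""
    configs = {
        "no attribute": (None, True),
        "Lax": ("Lax", True),
        "Strict": ("Strict", True),
        "None without Secure": ("None", False),
        "None + Secure": ("None", True),
    }
    return {name: sent_cross_site(s, sec, "POST") for name, (s, sec) in configs.items()}


if __name__ == "__main__":
    # Constructed sample session id, for illustration only.
    print("Set-Cookie:", build_session_cookie("constructed-session-id"))
    for name, sent in payment_return_results().items():
        print(f"{name:22} -> {'sent' if sent else 'not sent'}")
```

With `SameSite=None` the session cookie is attached to every cross-site request, so the attribute no longer limits cross-site request forgery; state-changing endpoints, including the payment return URL, need their own CSRF token or signature check.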
