Cross domain cookies
Problem description
I have a small problem.
How do I set a cookie for multiple domains?
I do understand the security problems, and I am sure it has been done before. The reason for this is SSO.
I.e.
account.domain.com
needs to set the domain login for:
domain.com, domain1.com, domain2.com.
Is there any easy way, using PHP and cookies, or any alternatives?
Recommended answer
There is absolutely no way for domain.com to set a cookie for domain1.com. What you are attempting to do can only be solved by getting the user's browser to submit requests to each domain which will then set its own cookie.
Then you need a way for each domain to verify the user's identity. There are two approaches to this:
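- Back channel - the sites contact each other directly to determine whether the user is logged in.
- Passing a token in the GET or POST - when the user's browser is redirected to the other site, a digitally signed parameter is passed containing the identity and session status.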
It's really quite complicated. I suggest you don't roll your own. Take a look at SimpleSAMLPHP for a PHP implementation of what I'm describing.
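The signed-parameter approach from the second bullet, sketched as an added example that is not part of the original answer. The shared key, claim names and token layout are assumptions, and an HMAC with a shared key stands in for the digital signature (sites that should not share a secret would use an asymmetric signature instead).

```php
<?php
// Added example: all values are constructed (key, domains, claim names).
const SHARED_KEY = 'replace-with-32-random-bytes-from-a-secret-store'; // assumption

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Runs on account.domain.com after login: builds the redirect parameter value.
function issue_token(string $user, string $audience, int $ttl = 60): string {
    $claims = json_encode([
        'sub' => $user,
        'aud' => $audience,                 // the one site allowed to accept it
        'exp' => time() + $ttl,             // short-lived: it travels in a URL
        'jti' => bin2hex(random_bytes(16)), // unique id, lets the receiver spot replays
    ]);
    $body = b64url($claims);
    return $body . '.' . b64url(hash_hmac('sha256', $body, SHARED_KEY, true));
}

// Runs on the receiving site: returns the claims, or null if the token is rejected.
function verify_token(string $token, string $self, array &$seenJti): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, SHARED_KEY, true));
    if (!hash_equals($expected, $sig)) return null;        // constant-time compare
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? '') !== $self) return null;     // minted for another site
    if (($claims['exp'] ?? 0) < time()) return null;       // expired
    $jti = $claims['jti'] ?? '';
    if ($jti === '' || isset($seenJti[$jti])) return null; // already used
    $seenJti[$jti] = true; // a real site needs a shared store with expiry, not an array
    return $claims;        // the site now sets its own session cookie for its own domain
}

$seen = [];
$t = issue_token('alice', 'domain1.com');
var_dump(verify_token($t, 'domain1.com', $seen) !== null); // first presentation
var_dump(verify_token($t, 'domain1.com', $seen));          // same token again
var_dump(verify_token(issue_token('alice', 'domain2.com'), 'domain1.com', $seen)); // other audience
$tampered = substr_replace($t, $t[0] === 'A' ? 'B' : 'A', 0, 1);
var_dump(verify_token($tampered, 'domain1.com', $seen));   // modified body
```

The audience, expiry and one-time-use checks matter as much as the signature: without them a token captured from a URL, referrer or log could be presented to a different site or reused later.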