在两个网站之间共享 cookie [英] Share a cookie between two websites
问题描述
我建立了一个网站 (A),用于登录并从单独的网络服务中检索客户数据.
I have built a website (A) which logs in to and retrieves customer data from a separate web service.
拥有 (A) 的组织也有一个网站 (B),其中包含一个网络表单.他们希望 (A) 上的登录客户能够点击 (B) 并查看包含其详细信息的预填充表单.
The organisation that owns (A) also has a website (B) which has a web form. They want a logged in customer on (A) to be able to click across to (B) and see a pre-populated form with their details.
这意味着 (A) 必须将他们的客户 ID 写入 (B) 可以读取的 cookie,然后 (B) 可以从 Web 服务请求数据,并预填充表单.
This means (A) must write their customer ID to a cookie, which (B) can read, and then (B) can request the data from the web service, and pre-populate the form.
这引发了两个问题:
网站 (B) 能否读取网站 (A) 的 cookie?
Can website (B) read the cookie for website (A)?
如果是这样,为了防止有人编辑 cookie 并在表单中看到其他人的数据,我需要做一些事情,比如在 (A) 上加密 cookie,然后在 (B) 中解密 - 任何沿着这条线的建议?
If so, to prevent someone from editing a cookie and seeing other people's data in the form, I would need to do something like encrypt the cookie on (A) and then have that decrypted in (B) - any suggestions along this line?
我无法将现有登录更改为 OAuth 或其他内容,因为 Web 服务已被其他几个站点使用,因此无法更改.
I can't change the existing login to OAuth or something, as the web service is consumed by several other sites, so this cannot change.
推荐答案
没有.网站 B 无法从网站 A 读取 cookie.
No. Website B can't read a cookie from website A.
最简单的解决方法是将登录/凭据信息从网站 A 传递到网站 B,并让网站 B 设置单独的 cookie.例如,在登录网站 A 后,您可以使用加密的查询字符串将它们快速重定向到网站 B.然后网站 B 可以读取信息,设置自己的 cookie,并将用户重定向回网站 A.
The easiest work-around is to pass login/credential information from website A to website B and have website B set a seperate cookie. For example, after logging into website A you could have them quickly redirected to website B with an encrypted querystring. Website B could then read the information, set its own cookie, and redirect the user back to site A.
这很麻烦,但有可能.
这篇关于在两个网站之间共享 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
