跨域Cookie [英] Cross domain cookies

问题描述

我有一个小问题。

如何为多个网域设定Cookie？

How do I set a cookie for multiple domains?

了解安全问题，我相信它已经做了之前。原因是SSO。

I do understand the security problems, and I am sure it has been done before. The reason for this is SSO.

即

account.domain.com 需要为以下帐户设置域登录：

account.domain.com will need to set domain logged in for:

domain.com，
domain1.com，
domain2.com

domain.com, domain1.com, domain2.com.

有任何简单的方法，使用PHP和cookies，或任何替代方案？

Is there any easy way, using PHP and cookies, or any alternatives?

推荐答案

domain.com绝对没有办法为domain1.com设置cookie。您尝试执行的操作只能通过让用户的浏览器向每个域提交请求，然后设置自己的Cookie来解决。

There is absolutely no way for domain.com to set a cookie for domain1.com. What you are attempting to do can only be solved by getting the user's browser to submit requests to each domain which will then set its own cookie.

然后，您需要为每个域验证用户身份的方法。有两种方法：

Then you need a way for each domain to verify the user's identity. There are two approaches to this:

1. 返回频道 - 网站直接联系以确定用户是否登录。


2. 在GET或POST中传递令牌 - 当用户的浏览器重定向到其他网站时，会传递包含身份和会话状态的数字签名参数。

这真的很复杂。我建议你不要自己。查看 SimpleSAMLPHP ，了解我要描述的PHP实现。

It's really quite complicated. I suggest you don't roll your own. Take a look at SimpleSAMLPHP for a PHP implementation of what I'm describing.

这篇关于跨域Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！