存储其他网站的Cookie [英] Store cookie for other site

查看:118
本文介绍了存储其他网站的Cookie的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有多个asp.net网站。当用户登录到其中一个站点时,我想存储一个cookie,告诉我用户已经登录。当用户稍后访问其他网站时,我想从该网站读取Cookie。



AFAIK您既不能读取Cookie也不能写入Cookie其他网站,那么什么可以解决方法是?
可能会重定向到 http://www.othersite.com/SaveCookie.aspx

我们的一个客户端具有完全相同的要求(登录到不同域上的多个站点),复杂的事实是其中一个站点要求用户登录到经典的ASP应用程序,.NET 1.1应用程序和.NET 3.5应用程序在不同的硬件上运行,但是在同一个域下...



我们基本上实现了循环风格重定向系统,其中每个域记录用户in,然后将其退回到下一个域,直到它们返回到原始域,此时它们被重定向到其原始请求。



因此(页面和域更改为保护无辜者):


  1. 用户请求 www.example1.com/page1.aspx

  2. 设置了一个cookie,告诉我们用户尝试访问page1.aspx,并且用户被发送到www.example1.com/login.aspx

  3. 用户登录,然后重定向到 www.example2.com/processlogin.aspx?token=EncryptedToken

  4. ProcessLogin。 aspx检查一个cookie,告诉它在哪里指导用户,如果它找不到一个,它解密令牌,记录用户在example2.com,然后重定向他们到 www.example1.com/processlogin .aspx?token = EncryptedToken (或example3.com - 根据需要重复)

  5. 如4所示,ProcessLogin.aspx检查Cookie,找到它,删除它并重定向


  6. 如果用户以后访问www.example2.com上的某个网页,那么在用户访问/page1.aspx之前






    编辑以回复评论

    strong>



    这取决于你对其他页面的请求。如果您从代码提出请求,您正在做的是在服务器上而不是在用户浏览器上设置Cookie。



    Cookie需要由服务器发送到客户端浏览器,这是在页面响应的标题中完成 - 所以您需要指导用户的浏览器到另一个网站的页面,以从该域发出cookie。



    您可以生成对IFrame中的其他页面的请求,或者尝试在一个自闭的弹出窗口中执行它 - 但是有其他问题,如弹出窗口阻止程序,闪烁的窗口,等等。



    经过一番调查,我们发现这样一个循环的重定向集是最简单和最可靠的解决方案。



    一个非常基本的代码设置:



    一个.aspx页面,包含登录控件,方法OnLoggedIn附加到控件的LoggedIn事件:

      void OnLoggedIn(object sender,EventArgs e){
    string returnUrl = Request.QueryString [returnUrl];

    //创建新的cookie,存储值并添加到cookie集合
    HttpCookie myCookie = new HttpCookie(WhereTo);
    myCookie [ReturnUrl] = ReturnUrl;
    Response.Cookies.Add(myCookie);

    //重定向用户到下一个域的往返登录处理器。
    //根据需要创建域。
    string redirect = GetNextDomain();
    //添加编码用户令牌
    redirect + =?token =+ EncodeUserToken();

    //重定向用户,并结束对此线程的进一步处理
    Response.Redirect(redirect,true);
    }

    然后在两个服务器上都有ProcessLogin.aspx, it:

      protected void Page_Load(object sender,EventArgs e){
    //查找重定向cookie
    if(Request.Cookies [WhereTo] [ReturnUrl]!= null){
    //从cookie中保存值
    string redirect = Request.Cookies [WhereTo] [ReturnUrl ];

    //通过创建一个空的cookie来删除原始cookie,并将其设置为
    //以使其昨天到期,并将其添加到响应中。
    HttpCookie myCookie = new HttpCookie(WhereTo);
    myCookie.Expires = DateTime.Now.AddDays(-1d);
    Response.Cookies.Add(myCookie);

    //重定向用户,并停止处理
    Response.Redirect(redirect,true);
    }

    //仍然在这里,所以登录和重定向
    string encryptedToken = Request.QueryString [token];

    if(!string.IsNullOrEmpty(encryptedToken)){
    //解密令牌,并在
    中记录用户//这将根据您的身份验证机制而有所不同
    PerformLogin(encryptedToken);
    }

    //重定向用户到下一个域的往返登录处理器。
    //根据需要创建域。
    string redirect = GetNextDomain();
    //添加编码的用户令牌 - 不需要重新计算,它将是相同的
    redirect + =?token =+ encryptedToken;

    //重定向用户,并结束对此线程的进一步处理
    Response.Redirect(redirect,true);
    }


    I have multiple asp.net sites. When a user logs unto one of the sites, I want to store a cookie telling me that a user has logged on. When the user later visits one of the other sites I have, I would like to read the cookie from that site.

    AFAIK you neither can read cookies from or write cookies to other sites, so what could a workaround be? Perhaps making a redirect to http://www.othersite.com/SaveCookie.aspx ?

    Give me some ideas :-)

    解决方案

    One of our clients has exactly the same requirement (logging into multiple sites on different domains), complicated by the fact that one of the sites requires that the user is logged in to a classic ASP application, a .NET 1.1 application and a .NET 3.5 application running on different hardware, but under the same domain...

    We've basically implemented a system of round-robin style redirects, where each domain logs the user in, then bounces them on to the next domain until they return to the original domain at which point they are redirected to their original request.

    So (pages and domains changed to protect the innocent):

    1. User requests www.example1.com/page1.aspx
    2. A cookie is set that tells us the user was attempting to access page1.aspx, and the user is sent to the www.example1.com/login.aspx
    3. The user logs in, and is then redirected to www.example2.com/processlogin.aspx?token=EncryptedToken
    4. ProcessLogin.aspx checks for a cookie telling it where to direct the user, if it can't find one, it decrypts the token, logs the user in on example2.com, and then redirects them to www.example1.com/processlogin.aspx?token=EncryptedToken (or example3.com - repeat as required)
    5. As in 4, ProcessLogin.aspx checks for the cookie, finds it, deletes it and redirects the user to /page1.aspx.

    If the user later on visits a page on www.example2.com, before the authentication ticket timeout, they will still be logged in on that site as well.


    Edit to respond to comment

    That depends on how you are making the "request to the other pages". If you make the request from your code behind, what you're doing is effectively setting the cookie on the server, rather than on the users browser.

    Cookies need to be issued by the server to the client browser, and that is done in the headers of the page response - so you need to direct the users browser to a page on the other site to issue the cookie from that domain.

    You could generate a request to the other page in an IFrame, or try and do it in a self closing pop-up window - but that has other issues like pop-up blockers, flickering windows, etc.

    After some investigation we found that a round-robin set of redirects like this was the simplest and most reliable solution.

    A very basic code setup:

    An .aspx page, containing a Login control, with a method "OnLoggedIn" attached to the LoggedIn event of the control:

    void OnLoggedIn(object sender, EventArgs e){
      string returnUrl = Request.QueryString["returnUrl"];
    
      // Create new cookie, store value, and add to cookie collection
      HttpCookie myCookie = new HttpCookie("WhereTo");
      myCookie["ReturnUrl"] = ReturnUrl;
      Response.Cookies.Add(myCookie);
    
      // Redirect user to roundtrip login processor on next domain.
      // Work out domain as required.
      string redirect = GetNextDomain();
      // Add encoded user token
      redirect += "?token=" + EncodeUserToken();
    
      // Redirect the user, and end further processing on this thread
      Response.Redirect(redirect, true);
    }
    

    Then on both servers you have ProcessLogin.aspx, that has something like this in it:

    protected void Page_Load(object sender, EventArgs e){
      // Look for redirect cookie
      if (Request.Cookies["WhereTo"]["ReturnUrl"] != null){
        // Save value from cookie
        string redirect = Request.Cookies["WhereTo"]["ReturnUrl"];
    
        // Delete original cookie by creating an empty one, and setting it
        // to expire yesterday, and add it to the response.
        HttpCookie myCookie = new HttpCookie("WhereTo");
        myCookie.Expires = DateTime.Now.AddDays(-1d);
        Response.Cookies.Add(myCookie);
    
        // Redirect the user, and stop processing
        Response.Redirect(redirect, true);
      }
    
      // Still here, so log in and redirect
      string encryptedToken = Request.QueryString["token"];
    
      if (!string.IsNullOrEmpty(encryptedToken)){
        // Decrypt token, and log user in
        // This will vary depending on your authentication mechanism
        PerformLogin(encryptedToken);
      }
    
      // Redirect user to roundtrip login processor on next domain.
      // Work out domain as required.
      string redirect = GetNextDomain();
      // Add encoded user token - no need to recalculate, it will be the same
      redirect += "?token=" + encryptedToken;
    
      // Redirect the user, and end further processing on this thread
      Response.Redirect(redirect, true);
    }
    

    这篇关于存储其他网站的Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆