为正在302重定向到的其他域设置Cookie [英] Setting a cookie for another domain being 302-redirected to

问题描述

（这个问题更像是一个现实检查比任何其他 - 我很确定这是可能的，但想确定。）

编写接收HTTP请求的代理服务器，将它们传递到远程服务器，并返回远程服务器的响应。

我遇到了一个问题，远程服务器响应是设置cookie的302重定向。例如：

  server：nginx / 0.7.65 
日期：Wed，26 Jan 2011 04:42： 18 GMT 
 connection：keep-alive 
 set-cookie：JSESSIONID = FFFFFFFUUUUUUUUUU; Domain = .50.16.34.61; Path = / 
 location：http://50.16.34.61/client/whatever.html 
 content-length：0
  

当客户端遵循重定向到50.16.34.61（与代理服务器不同的域）时，我注意到尚未设置cookie。

我试图在set-cookie指令的Domain部分做一些疯狂的事吗？

编辑 / p>

基本上，我做错了，根据 http://www.ietf.org/rfc/rfc2109.txt 请求 - 主机确实需要是set-cookie指令中的域的超集。

/ sad-trombone

解决方案

Domain =如果浏览器要求的Host：标头是使用的值的超集。

在你的情况下，似乎你的代理服务器假装是另一个服务器，因此，拦截这些Location：和Set-Cookie：标题行以及其他许多事情可能有意义，并替换相关位以保持指向您的服务器。

(This question is more of a reality check than anything else - I'm pretty sure this is possible, but want to be sure.)

I’m writing a proxy server that receives HTTP requests, passes them on to a remote server, and returns the remote server’s response.

I’ve run into a problem where one of the remote server responses is a 302 redirect that sets a cookie. Here’s an example:

server: nginx/0.7.65
date: Wed, 26 Jan 2011 04:42:18 GMT
connection: keep-alive
set-cookie: JSESSIONID=FFFFFFFUUUUUUUUUUU; Domain=.50.16.34.61; Path=/
location: http://50.16.34.61/client/whatever.html
content-length: "0"

When the client follows that redirect to 50.16.34.61 (a different domain than the proxy server) I notice that the cookies haven’t been set.

Am I trying to do something crazy here with the Domain part of the set-cookie directive?

Edit

Basically, I’m doing it wrong and according to http://www.ietf.org/rfc/rfc2109.txt the request-host really needs to be a superset of the Domain in the set-cookie directive.

/sad-trombone

解决方案

The Domain= cookie stuff will only work if the Host: header that the browser asked for is a superset of the value used.

In your case, it seems like your proxy server is pretending to be another server, so it might make sense to intercept those Location: and Set-Cookie: header lines, among many other things, and replace the relevant bits to keep pointing at your server.

这篇关于为正在302重定向到的其他域设置Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！