如何在子域和域之间共享cookie?
如何在子域和域之间共享cookie?
提问于 2018-03-05 07:53:52
我有两个问题。 据我所知,如果我在cookie中指定域名为.mydomain.com(带有前导点),那么所有子域名都可以共享一个cookie。
subdomain.mydomain.com可以访问在mydomain.com(不含www子域)中创建的cookie吗?
如果在subdomain.mydomain.com中创建了cookie,mydomain.com(不含www子域)可以访问cookie吗?
Stack Overflow用户
发布于 2018-03-05 14:35:11
我不确定“cmackley”的答案是否显示了整个画面。我读到的是:
Unless the cookie's attributes indicate otherwise, the cookie is
returned only to the origin server (and not, for example, to any
subdomains), and it expires at the end of the current session (as
defined by the user agent). User agents ignore unrecognized cookie
attributes (but not the entire cookie).还有
8.6. Weak Integrity
Cookies do not provide integrity guarantees for sibling domains (and
their subdomains). For example, consider foo.example.com and
bar.example.com. The foo.example.com server can set a cookie with a
Domain attribute of "example.com" (possibly overwriting an existing
"example.com" cookie set by bar.example.com), and the user agent will
include that cookie in HTTP requests to bar.example.com. In the
worst case, bar.example.com will be unable to distinguish this cookie
from a cookie it set itself. The foo.example.com server might be
able to leverage this ability to mount an attack against
bar.example.com.页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/-100004197
复制相关文章
相似问题
腾讯云开发者
