跨服务器 Cookie、PHP
我们有 2 台网络服务器,一台安全,一台普通。
是否可以设置这样的 cookie
setcookie("basket[id]", $newID, time()+60*60*24, "/", SITE_URL, 0, true);
setcookie("basket[id]", $newID, time()+60*60*24, "/", SECURE_SITE_URL, 1, false);
在哪里
SITE_URL = www.sitename.com
SECURE_SITE_URL = xxxxx.securesitename.com
凯尔
We have 2 web servers, one secure and one normal.
Is it possible to set a cookie like this
setcookie("basket[id]", $newID, time()+60*60*24, "/", SITE_URL, 0, true);
setcookie("basket[id]", $newID, time()+60*60*24, "/", SECURE_SITE_URL, 1, false);
Where
SITE_URL = www.sitename.com
SECURE_SITE_URL = xxxxx.securesitename.com
Kyle
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
设置 Cookie
使用 setcookie 您可以设置域参数来指示 cookie 的位置可用的。要使 cookie 在 example.com 的所有子域上可用,您可以将其设置为“.example.com”。这 。不是必需的,但可以使其与更多浏览器兼容。
只要您的服务器被不同的子域引用,您就可以相应地设置您的cookie。
安全参数
Secure,指示 cookie 只能通过安全 HTTPS 连接从客户端传输。
在不同的域上设置 Cookie
服务器无法为其不属于的域设置 Cookie。
发出 cookie 的服务器必须是它尝试在 cookie 中设置的域的成员。也就是说,名为 www.myserver.com 的服务器无法为 www.yourserver.com 域设置 cookie。
Double Click 如何做到这
一点 该规则的一个例外是广告代理公司 Double click。当从他们的服务器加载到其他人的网站上时,他们通过将 cookie 与图像请求打包在一起,在您不访问特定网站的情况下设法将 cookie 添加到您的 PC。
Set Cookie
With setcookie you can set the domain parameter to indicate where the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers.
As long as your servers are referred to with different sub-domains, you can set your cookies accordingly.
Secure parameter
Secure, indicates that the cookie should only be transmitted over a secure HTTPS connection from the client.
Setting a Cookie on a different domain
A server cannot set a cookie for a domain that it isn't a member of.
The server issuing the cookie must be a member of the domain that it tries to set in the cookie. That is, a server called www.myserver.com cannot set a cookie for the domain www.yourserver.com.
How Double Click do it
One exception to the rule is ad agency Double click. Who manage to add cookies to your PC without you visiting the specific web site by packaging cookies with image requests when they are loaded from their servers onto other peoples web sites.
您不能为当前域或其超集以外的域设置 cookie(例如 example.com 是 foo.example.com 和 bar 的超集.example.com)。这意味着第二个Set-Cookie将被浏览器拒绝。
一种解决方案是使用主域的子域作为安全域,例如 secure.example.com。然后,为
.example.com设置的 cookie 将在 www.example.com 以及 secure.example.com 上可用。You cannot set a cookie for a domain other than the current or a superset of it (like example.com is a superset of foo.example.com and bar.example.com). That means the second Set-Cookie will get rejected by the browser.
One solution is to use a subdomain of your main domain for your secure domain, like secure.example.com. Then a cookie set for
.example.comwould be available at www.example.com as well as at secure.example.com.