PHP:使用外部 cookie
我有一个 php 应用程序,可以通过 iframe 从单独的域中提取页面。这些页面正在使用cookie。
我注意到有些浏览器有一个默认设置,可以阻止任何外部 cookie。这会给我带来很大的问题。
我听说过 P3P,但找不到太多关于如何使用 cookie 实现它的提及。
非常感谢任何帮助,
琼斯
I have a php application that pulls in pages from a separate domain via iframes. These pages are using cookies.
I've noticed some browsers have a default set that blocks any external cookies. This is going to cause quite a problem for me.
I've heard mention of P3P but can't find much mention about how to implement it with cookies.
Any help most appreciated,
Jonesy
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您仅通过将外部站点嵌入 iframe 即可访问其 cookie,那将是非常糟糕的。试想一下,如果您能够通过嵌入 facebook.com 的会话 cookie 来访问它。
It would be extremely bad if you could access an external site's cookies just by embedding it in an iframe. Just imagine if you were able to access facebook.com's session cookie just by embedding it.
只是为了澄清 Maerlyn 所说的内容 - 你所描述的是不可能的。该网站只能从自己的域访问 cookie。当您访问 facebook.com 时,您的 Facebook cookie 会发送到该域。当您访问 google 时,您的 Facebook cookie 不会发送到那里。 Google 无法查看您的 Facebook cookie。即使它使用 iframe。时期。这是一项安全功能。
所以,我建议你看看其他方法来设计你的软件系统。例如,如果您嵌入的网站有 API,我会使用它。或者做一个后端服务同步来拉取用户信息。无论如何,您需要获得其他服务/其他域的同意才能执行此操作。
Just to clarify what Maerlyn is saying - what you're describing is impossible. The website can only access cookies from its own domain. When you go to facebook.com, your facebook cookies are sent to that domain. When you go to google, your facebook cookies are NOT sent there. There is no way for Google to look at your Facebook cookies. Even it uses iframes. Period. This is a security feature.
So, I suggest you look at other ways to design your software system. For example, if the website you're embedding has an API, I'd use that. Or do a back-end service synchronization to pull in user information. In any case, you need the consent of the other service / other domain to do this.