IE:如何处理跨域cookie?

发布于 2024-10-15 11:38:27 字数 409 浏览 5 评论 0原文

我的主站点 (hostsite) 有一个 IFRAME,其中包含托管在不同域上的注册站点 (regsite)。

我想在不同的域上托管注册,因为我觉得将数据库登录信息存储在主机站点上并不安全,因为很多人都可以访问后端。

所有浏览器都接受来自 regsite 的登录会话 cookie - Internet Explorer 8 不接受。让 IE 接受此 cookie 的唯一方法是将两个站点添加到“受信任的站点”中,这不是我想要的。

除了本地浏览器设置之外,还有什么方法可以解决跨域问题,或者是将注册移动到主机站点的唯一选择(curl 不是一个选项,因为我在注册网站上显示的不是静态 HTML,而是 PHP 文件)?

My main Site (hostsite) has an IFRAME with a registration site (regsite) hosted on a different domain.

I want to host the registration on a different domain, because I feel storing the DB login information on hostsite is not safe as many people have access to the backend.

All browsers accept the login session-cookie coming from regsite - Internet Explorer 8 does not. The only way to make IE accept this cookie is by adding both sites to "Trusted Sites" which is not what i want.

Is there any way I can work around the cross-domain issue besides a local browser setting or is my only option to move the registration to hostsite (curl is not an option as it's not static HTML I'm displaying on the registration site, but PHP files)?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

野却迷人 2024-10-22 11:38:27

我认为这可以在不移动任何东西并且很少编程的情况下解决。只需要一些 DNS 规则即可。

例如,您可以创建一个名为 register.hostsite(.com) 的新子域,指向 regsite 所在的 IP。

然后将 IFRAME 重定向到该新子域。

它将从同一服务器获取相同的位,但现在它将位于主机站点的域内。

这应该(至少在理论上)足以满足 IE 的要求。但我不是 100% 确定,我已经很长时间没有使用 IFRAMES 了。

如果这不起作用,我建议也询问 serverfault

编辑:我正在寻找另一个问题,并发现了雅虎的“微代理”PHP 实现。这是他们解决此类问题的推荐方法:

http://developer.yahoo .com/javascript/samples/proxy/php_proxy_simple.txt

I think this can be solved without moving anything, and little programming. Just with some DNS rules.

For example, you can create a new subdomain called register.hostsite(.com) pointing to the ip where regsite is.

Then re-direct the IFRAME to that new subdomain.

It will get the same bits from the same server, but now it will be inside hostsite's domain.

That should (at least in theory) be enough to satisfy IE. I'm not 100% sure though, I haven't used IFRAMES in a long time.

If that doesn't work, I'd suggest asking on serverfault, too.

EDIT: I was looking for another issue and found this 'micro-proxy' PHP implementation by yahoo. It's their recommended way of resolving this kind of issues:

http://developer.yahoo.com/javascript/samples/proxy/php_proxy_simple.txt

岁月流歌 2024-10-22 11:38:27

iframe 和 IE 的问题在于 IE 将 iframe 的内容视为第三方(如广告等)。

要让 IE 实际存储此域文档设置的 cookie,您需要让其他域发出 P3P-标题说明其意图。这很容易做到,只需要添加一个 http 标头。

我不确定你所说的跨域问题是什么意思,因为没有跨域问题 - 你只是有来自两个不同域的两个不同文档。您尚未说明是否尝试让一个域为另一个域设置 cookie,或者一个页面访问另一个域。

The problem with the iframe and IE is that IE considers the iframe's content as 3'rd party (as in advertisements etc).

To have IE actually store the cookies set by this domain document you need to have the other domain emit an P3P-header stating its intentions. This is easy to do and requires only a single http-header to be added.

I'm, not sure what you mean by cross domain issues though as there are none - you simply have two different documents from two different domains. You have not stated whether you are trying to have one domain set cookies for the other, or one page access the other.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文