简体繁体 English

从另一个域获取用户验证cookie

[英]get user validation cookie from another domain

原文 2013-07-29 00:03:00 7 1 php/ javascript/ cookies

I am thinking about creating some sort of senior assassin game at my university, and for that I want to make a portal where users can sign up. 我正在考虑在我的大学创建某种高级刺客游戏，为此，我想建立一个用户可以注册的门户。 The problem comes in when I want to validate their student number against the university directory. 当我想根据大学目录验证他们的学生编号时，就会出现问题。

Obviously the university does not have some sort of api for this, and I want to make sure the user is validated (student at the university). 显然，大学没有为此提供某种api，因此我想确保用户得到了验证（大学的学生）。

I was thinking that I could create a page with an iframe that goes to our university portal, and sniffs the users validation cookie, but I am not sure if this will work. 我当时以为我可以创建一个带有iframe的页面，该页面可以转到我们的大学门户网站，并嗅探用户验证cookie，但是我不确定这是否行得通。 Is there someone that has experience, or some knowledge regarding this that can lend me knowledge as to how to proceed? 是否有某人有经验或对此有所了解，可以使我知道如何进行？

1 个解决方案

You cannot do this due to the same-origin policy . 由于同源政策，您无法执行此操作。 The browser does not allow javascript to access domains other than the one where javascript is currently run on. 该浏览器不允许javascript访问除当前运行javascript的域以外的域。 Imagine what kind of a gaping security hole this would be, if it were possible... 想象一下，如果可能的话，这将是一个多么巨大的安全漏洞。