
Getting cookie values cross-domain using JSONP not working for IE

I am having trouble getting cookie information from domain A to domain B using JSONP. I've got it working for Chrome and Firefox et al., but for IE it does not work. I am doing a JSONP request from domain B to domain A that sets a cookie there through PHP on domain A, and then I check for that same cookie from B again. The information in the cookie is then printed to screen (domain A), so that I can pick that up from domain B and set a cookie there that mirrors that information (I am aware of the security risks; I am not trying to sync sensitive information here, just a setting).

So, as said, this is working on FF, Chrome etc. But on IE, I see that only session cookies are returned, which the cookie that I set isn't (and shouldn't be).

Any clue what's wrong here? Or isn't this even possible? I also briefly tried CORS, but that has the same problem.

I have the following test setup:

Domain A (central domain):

login.php

<?php
// The P3P header below solves the problem (see accepted answer): without it,
// IE's default privacy setting drops a persistent cookie set by a third-party
// (cross-domain) response, while session cookies are still accepted.
header('P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"');
// Persistent cookie, valid for one hour.
setcookie("loggedin", "5", time() + 3600);
// Test-only body: a bare "1" is valid script, but not a real JSONP callback call.
echo 1;

check.php

<?php
// The P3P header below solves the problem (see accepted answer).
header('P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"');
// Flatten the cookies the browser sent along to "name=value; name=value" for display.
$cookies = implode('; ', array_map(function ($v, $k) { return $k . '=' . $v; }, $_COOKIE, array_keys($_COOKIE)));

// Test-only output: the response is a script that alerts the cookie state.
// json_encode() escapes quotes and newlines, so a cookie value cannot break out
// of the string literal and inject script into the response.
if (isset($_COOKIE['loggedin']) && $_COOKIE['loggedin'] === "5") {
        echo "alert(" . json_encode("logged in, " . $cookies) . ");";
} else {
        echo "alert(" . json_encode("not logged in, " . $cookies) . ");";
}

Domain B:

jsonp.html

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
</head>
<body>
<h1>hi!</h1>
<script>
        // Step 1: JSONP request to domain A; its response carries the Set-Cookie (and P3P) headers.
        jQuery.ajax({
                url: 'http://cookies.hidev.nl/login.php',
                dataType: 'jsonp',
                type: "get"   // no trailing comma here: IE 8 and older throw a syntax error on one
        });
        //note: first call will set the cookie, next succeeds only after reload due to async loading. This is only for test purposes
        // Step 2: JSONP request to domain A that reports which cookies the browser sent back.
        jQuery.ajax({
                url: 'http://cookies.hidev.nl/check.php',
                dataType: 'jsonp',
                type: "get"
        });

</script>
</body>
</html>

In the end, this all came down to adding a P3P policy header to the scripts. For that I used the P3P hack used by Facebook:

header('P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"'); 

An important thing to note is that I thought a P3P gave you access to cookies on another domain. That is not entirely true. You only have access to cookies that are also set with a P3P header. My live setup is a little more complex, and in some cases the cookies were set on domain A without a P3P and not via a secondary domain (like B in my example). In this case, I could not read the cookies from domain B.

I changed the example above to reflect the solution. Of course, change the text to something appropriate, and make sure you don't accidentally use words that are equivalent to the compact codes (e.g. LAW, NON etc.).

In my case I can do this, as we are only storing information client side, and we do not even know what it is ourselves. We are not storing any data.
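The two parts of the answer worth checking by hand are the JSONP endpoints themselves (login.php / check.php above) and the warning about not using real compact-policy codes in the P3P text. The block below is an added example, not code from the original post: it rebuilds the two endpoints as pure functions that return `{status, headers, body}` so the `Set-Cookie`, `P3P` and JSONP handling can be inspected without a server, and adds a check that a free-text CP value contains no word IE would parse as a P3P compact token (the token list is the P3P 1.0 compact-policy vocabulary). Unlike the original check.php, it never echoes raw cookie text into a script body, and it only accepts a plain identifier as the JSONP callback name. The function names, the `P3P_CP` wording, the callback name and the in-memory cookie jar are assumptions for the example. Note that P3P was only ever honoured by Internet Explorer; other browsers ignore the header.

```javascript
// Added example (not code from the original post). Function names, the CP text
// and the sample callback/cookie values are assumptions made for the example.

// P3P 1.0 compact-policy vocabulary. Purpose and recipient tokens may carry an
// a/i/o suffix (e.g. CONa, OURo); only the three-letter stems are listed here.
const P3P_COMPACT_TOKENS = new Set([
  "NOI", "ALL", "CAO", "IDC", "OTI", "NON",                        // access
  "PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",   // categories
  "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC",
  "DSP", "COR", "MON", "LAW", "NID",                               // disputes, remedies, non-identifiable
  "CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON",   // purposes
  "HIS", "TEL", "OTP",
  "OUR", "DEL", "SAM", "UNR", "PUB", "OTR",                        // recipients
  "NOR", "STP", "LEG", "BUS", "IND", "TST",                        // retention, test
]);

// Words in a free-text CP value that IE would read as real compact tokens.
// Matching is case-insensitive on purpose, so "law" in a sentence counts too.
function findCompactTokenCollisions(cp) {
  const hits = [];
  for (const raw of cp.split(/\s+/)) {
    const word = raw.replace(/[^A-Za-z]/g, "");
    const m = /^([A-Za-z]{3})([aio])?$/.exec(word);
    if (!m) continue;
    const stem = m[1].toUpperCase();
    if (P3P_COMPACT_TOKENS.has(stem)) hits.push(stem);
  }
  return hits;
}

// The string from the answer, and the (assumed) shorter wording used below.
const FACEBOOK_CP = 'CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"';
const P3P_CP = 'CP="This is not a P3P policy"';

// The callback name comes from the query string; allow only a plain (optionally
// dotted) JS identifier, otherwise the caller controls the script we return.
function isSafeCallback(name) {
  return /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(name);
}

// JSONP body: callback(JSON). U+2028/2029 are legal in JSON but are line
// terminators in older JS engines, so escape them.
function jsonpBody(callback, payload) {
  if (!isSafeCallback(callback)) throw new Error("invalid JSONP callback name");
  const json = JSON.stringify(payload)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return `/**/ ${callback}(${json});`;
}

const JS_HEADERS = { "Content-Type": "application/javascript; charset=utf-8", "P3P": P3P_CP };

// login.php equivalent: set the persistent cookie (the kind IE drops from a
// third-party response that carries no P3P header) and invoke the callback.
function loginResponse(callback, now = Date.now()) {
  const expires = new Date(now + 3600 * 1000).toUTCString();
  return {
    status: 200,
    headers: { ...JS_HEADERS, "Set-Cookie": `loggedin=5; Expires=${expires}; Path=/` },
    body: jsonpBody(callback, { ok: 1 }),
  };
}

// Minimal parser for the Cookie request header ("name=value; name=value").
function parseCookies(header) {
  const cookies = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    cookies[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return cookies;
}

// check.php equivalent: report the cookie state as JSON data rather than
// echoing raw cookie text into a script body.
function checkResponse(callback, cookieHeader) {
  const cookies = parseCookies(cookieHeader);
  return {
    status: 200,
    headers: { ...JS_HEADERS },
    body: jsonpBody(callback, { loggedIn: cookies.loggedin === "5", cookies }),
  };
}

// Simulate the question's two-step flow with an in-memory cookie jar
// (constructed input, no browser involved); returns the parsed check payload.
function simulateSync(callback = "jQuery_cb") {
  const jar = {};
  const login = loginResponse(callback);
  const [nameValue] = login.headers["Set-Cookie"].split(";");   // "loggedin=5"
  const [name, value] = nameValue.split("=");
  jar[name] = value;
  const cookieHeader = Object.entries(jar).map(([k, v]) => `${k}=${v}`).join("; ");
  const check = checkResponse(callback, cookieHeader);
  const prefix = `/**/ ${callback}(`;
  return JSON.parse(check.body.slice(prefix.length, -2));
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("collisions in Facebook CP:", findCompactTokenCollisions(FACEBOOK_CP));
  console.log("collisions in 'We obey the LAW':", findCompactTokenCollisions('CP="We obey the LAW"'));
  console.log("sync result:", simulateSync());
}
```

Run it with `node` to see that the Facebook wording has no collisions while a sentence containing LAW does, and that the check step sees `loggedin=5` once the cookie from the login step is sent back. The collision check is deliberately conservative: it flags any three-letter word (with an optional a/i/o suffix) that matches a token, regardless of case.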
