客户端和服务器端 cookie
[英]client side and server side cookies
问题描述
I created a cookie on the client's browser using "document.cookie" (localhost:8000).
我使用“document.cookie” (localhost:8000) 在客户端的浏览器上创建了一个 cookie。 Then I used XMLHttpRequest() to call a same-origin server (localhost:8000).然后我使用 XMLHttpRequest() 调用同源服务器 (localhost:8000)。 I COULD use PHP's $_COOKIE on the server to get the cookie I created on the client.我可以在服务器上使用 PHP 的 $_COOKIE 来获取我在客户端上创建的 cookie。
When I did the same using a cross-origin server (localhost:8080), I could NOT get the cookie even though I set 'withCredentials' property on the XMLHttpRequest object to 'true' and used the following on the server side:当我使用跨域服务器 (localhost:8080) 执行相同操作时,即使我将 XMLHttpRequest 对象上的“withCredentials”属性设置为“true”并在服务器端使用以下内容,我也无法获取 cookie:
header("Access-Control-Allow-Origin: http://localhost:8000"); header("Access-Control-Allow-Origin: http://localhost:8000"); header("Access-Control-Allow-Credentials: true"); header("Access-Control-Allow-Credentials: true");
That means the local cookies are visible only on a same-origin server but not on a cross-origin server.这意味着本地 cookie 仅在同源服务器上可见,而在跨源服务器上不可见。 Is my understanding correct, or I am doing something wrong?我的理解是正确的,还是我做错了什么?
Thank you Albert谢谢阿尔伯特
1 个解决方案
解决方案1
-1 2020-10-23 04:36:05
When I learnt about Fetch which is newer than XMLHttpRequest, I thought that it would allow me to send the local cookie created on the browser to the cross-origin server, but to my surprise, I found the same result.当我了解到比 XMLHttpRequest 更新的 Fetch 时,我认为它可以让我将浏览器上创建的本地 cookie 发送到跨域服务器,但令我惊讶的是,我发现了相同的结果。 The documentation says I can.文档说我可以。 Please refer to the section: Sending a request with credentials included in https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch请参阅以下部分:使用https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch 中包含的凭据发送请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.