简体繁体 English

如何将cookie“转发”到另一个页面

[英]How to “Forward” a cookie to another page

原文 2010-06-11 22:22:13 8 5 c#/ .net/ asp.net/ cookies

我想知道是否有一种简单的方法来获取用户的会话cookie并将其发布到不同网站上的页面进行处理？

5 个解决方案

If a diffrent site means a diffrent domain or even subdomain, the answer is no. 如果不同的网站意味着不同的域甚至子域，答案是否定的。 For security reasons a cookie should not be read by other pages. 出于安全原因，其他页面不应读取cookie。 And as a session cookie only contains a session ID but the actual session data is stored on the server, posting a users cookie to another site would not give you access to the users data on this page. 并且由于会话cookie仅包含会话ID，但实际会话数据存储在服务器上，将用户cookie发布到另一个站点将无法访问此页面上的用户数据。

If example.com sets a cookie, then a page from example.com can have some script that reads the cookie and posts that information to whatever site it wants. 如果example.com设置了一个cookie，那么来自example.com的页面可以有一些脚本来读取cookie并将该信息发布到它想要的任何站点。 So if the cookie is 'under your control', you can send it where ever. 因此，如果cookie是“在您的控制之下”，您可以将它发送到任何地方。 Generally, however, a session ID isn't useful except on the site where it came from (and it's probably a security hole that should be fixed if the cookie can leak information about the session). 但是，一般情况下，会话ID除了来自它的站点之外没有用（如果cookie可能泄漏有关会话的信息，它可能是一个应该修复的安全漏洞）。 Actually, it's probably a security hole if your pages are giving out your session cookies to other sites. 实际上，如果您的网页将会话cookie发送给其他网站，则可能是一个安全漏洞。

However, browser security rules will (or at least should) prevent your page from trying to read cookies set by other sites. 但是，浏览器安全规则将（或至少应该）阻止您的网页尝试读取其他网站设置的Cookie。

Straight answer, if they are different domains, then no. 直接回答，如果他们是不同的领域，那么没有。 If they are on the same domain, then set the cookie path to "\\" and you should be set. 如果它们位于同一个域中，则将cookie路径设置为“\\”，然后设置。 In any case, I think it's still worthwhile to check out a technique called web beaconing and see if you can adapt any part of that method to suit your needs, should you be dealing with different domains (hope not). 在任何情况下，我认为仍然值得检查一种称为网络信标的技术，看看你是否可以调整该方法的任何部分以满足您的需求，如果您要处理不同的域（希望不是）。

http://en.wikipedia.org/wiki/Web_bug http://en.wikipedia.org/wiki/Web_bug

http://www.webmaster-talk.com/javascript-forum/183163-redirect-different-page-if-no-cookie.html http://www.webmaster-talk.com/javascript-forum/183163-redirect-different-page-if-no-cookie.html

This will help u.. 这将有助于你..

Like Kau-Boy said: 像Kau-Boy说：

If a diffrent site means a diffrent domain or even subdomain, the answer is no. 如果不同的网站意味着不同的域甚至子域，答案是否定的。

This is due to the SSH Secure Shell. 这是由SSH Secure Shell引起的。 To do it, you would be going against everything (almost) that the SSH Secure Shell does for the internet. 要做到这一点，你将反对SSH Secure Shell为互联网所做的一切（几乎）。 You would have to play with some low level protocols to get all the private keys and such. 您必须使用一些低级协议来获取所有私钥等。 If these were your servers, this might be possible; 如果这些是您的服务器，这可能是可能的; but very bug prone because these handshakes (like most) are designed to not happen the same way twice. 但非常容易出错，因为这些握手（像大多数人一样）被设计为不会以相同的方式发生两次。