How to “Forward” a cookie to another page
Question
我想知道是否有一种简单的方法来获取用户的会话cookie并将其发布到不同网站上的页面进行处理?
5 answers
solution1
3 ACCPTED 2010-06-11 22:30:30
If a diffrent site means a diffrent domain or even subdomain, the answer is no. For security reasons a cookie should not be read by other pages. And as a session cookie only contains a session ID but the actual session data is stored on the server, posting a users cookie to another site would not give you access to the users data on this page.
solution2
2 2010-06-11 22:44:29
If example.com sets a cookie, then a page from example.com can have some script that reads the cookie and posts that information to whatever site it wants. So if the cookie is 'under your control', you can send it where ever. Generally, however, a session ID isn't useful except on the site where it came from (and it's probably a security hole that should be fixed if the cookie can leak information about the session). Actually, it's probably a security hole if your pages are giving out your session cookies to other sites.
However, browser security rules will (or at least should) prevent your page from trying to read cookies set by other sites.
solution3
0 2010-06-12 00:53:19
Straight answer, if they are different domains, then no. If they are on the same domain, then set the cookie path to "\\" and you should be set. In any case, I think it's still worthwhile to check out a technique called web beaconing and see if you can adapt any part of that method to suit your needs, should you be dealing with different domains (hope not).
solution4
0
solution5
-7 2010-06-11 22:39:57
Like Kau-Boy said:
If a diffrent site means a diffrent domain or even subdomain, the answer is no.
This is due to the SSH Secure Shell. To do it, you would be going against everything (almost) that the SSH Secure Shell does for the internet. You would have to play with some low level protocols to get all the private keys and such. If these were your servers, this might be possible; but very bug prone because these handshakes (like most) are designed to not happen the same way twice.
In a nut shell: very hard, chances of actually pulling it off: low ... what are you waiting for?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.