Cross-domain Ajax cannot carry cookies but needs the session: the solution that finally works
xhrFields: {withCredentials: true}. Adding this is probably the first thing everyone does, but once it is added another problem appears: The 'Access-Control-Allow-Origin' header contains the invalid value 'Origin'. Origin ...
2. Configure Access-Control-Allow-Credentials on the server side
The withCredentials=true parameter we set on the client corresponds to Access-Control-Allow-Credentials = true on the server side. Setting it in the response header allows requests that carry the client's credentials. With the credentials parameter set, the cookie is sent along with cross-domain Ajax requests.
response.setHeader("Access-Control-Allow-Credentials", "true");
3. Configure Access-Control-Allow-Origin on the server side
With the configuration above in place, sending an Ajax request still produces an error: Access-Control-Allow-Origin is not allowed to use the * wildcard. The reason is that when the server side sets Access-Control-Allow-Credentials = true, the value of Access-Control-Allow-Origin cannot be '*'.
So we set the value of Access-Control-Allow-Origin again: when the server side receives the request, it fills the Origin of the request into the response header when the response is returned (that is, whoever visits me is who I allow). The code is as follows:
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
That is all that needs to be added.