Cross-domain issues with cookies

Source: Internet
Author: User
Tags: script tag

The misunderstood HttpCookie.Domain property

Some say that you can use the HttpCookie.Domain property for cross-domain access, for example to write a cookie for site B (b.com) from site A (a.com), as shown below:

// Site A: a_setcookie.aspx (www.a.com)
HttpCookie cookie = new HttpCookie("key");
cookie.Value = key; // key: the value to store, defined elsewhere
cookie.Domain = ".b.com"; // site B's domain is specified here
cookie.Path = "/";
cookie.Expires = DateTime.Now.AddHours(1);
filterContext.RequestContext.HttpContext.Response.Cookies.Add(cookie);

This is actually wrong. Running it and checking in the browser shows that the cookie for site B was not written (reading fails as well: because of the browser's privacy policy restrictions, reading cookies that belong to another domain is forbidden).

So the Domain property should be able to span subdomains, such as x.a.com and y.a.com, by setting HttpCookie.Domain = ".a.com" for cross-subdomain access.
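The browser-side rule behind this result, as an added example (not code from the original page): a simplified version of the RFC 6265 Domain check, run on the page's host names. The function names are made up for the illustration, and the public-suffix check that browsers also apply is left out.

```javascript
// Added example: simplified RFC 6265 Domain handling (sections 5.1.3, 5.2.3, 5.3).
// Function names are illustrative; the public-suffix check is omitted.

// Crude IP-literal test (assumption: good enough for this illustration).
const isIp = (h) => /^[\d.]+$/.test(h) || h.includes(':');

// 5.1.3: host domain-matches domain if both are identical, or host ends with
// "." + domain and host is a name rather than an IP address.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith('.' + domain);
}

// What a browser stores for a Set-Cookie received from requestHost.
// Returns null when the cookie is rejected.
function storeCookie(requestHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to requestHost alone.
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  // 5.2.3: a leading dot is ignored, so ".a.com" and "a.com" are equivalent.
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // 5.3: the responding host must domain-match the attribute, else ignore.
  if (!domainMatches(requestHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for host?
function sentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

// Constructed cases using the page's host names.
const cases = [
  ['www.a.com', '.b.com'], // site A naming site B: rejected (null)
  ['x.a.com', '.a.com'],   // subdomain naming its parent: also sent to y.a.com
  ['www.b.com', '.b.com'], // site B setting its own cookie: accepted
];
for (const [host, attr] of cases) {
  console.log(`${host} Domain=${attr} ->`, storeCookie(host, attr));
}
```

Leaving the Domain attribute out gives the narrowest scope: the cookie is host-only and is not sent to sibling subdomains.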

Since cookies cannot be shared across domains, how can cross-domain access be implemented?

You can use a script tag to indirectly request a page on site B, and that page writes site B's cookie.

Step one: first create the page that sets the cookie on site B (b_setcookie.aspx):

HttpCookie cookie = new HttpCookie("key");
cookie.Value = key; // key: the value to store, defined elsewhere
cookie.Domain = ".b.com"; // site B's domain is specified here
cookie.Path = "/";
cookie.Expires = DateTime.Now.AddHours(1);
Response.Cookies.Add(cookie);

Step two: since the <script> tag can automatically access third-party websites, you can add the following to a page on site A, such as a_setcookie.aspx:

<script src="http://www.b.com/b_setCookie.aspx"></script>

Once these steps are complete, visiting a_setcookie.aspx on site A automatically requests http://www.b.com/b_setCookie.aspx, which writes site B's cookie.

Note: browser third-party cookie restrictions

A third-party cookie arises when you visit a page on domain A but receive a cookie-setting instruction from domain B; B is then the third party. Browsers differ in how they handle third-party cookies, as the following table shows.

Third-party cookie rules for different browsers

Browser                          IE    Firefox  Chrome  Safari  Opera
Restricts third-party cookies    Yes   No       No      Yes     No

Using P3P to set cookies across domains

P3P (Platform for Privacy Preferences) introduction:

http://baike.baidu.com/link?url=WVQp0aTUQgCoIzYm7rV_mur829NtWZCiSq9Kee_WusqmOWOQDwS2DNzw_S5M6UM-EcvNCliBHvYAV4kEjRBip_

To get around this restriction, add the following to b_setcookie.aspx:

Response.Headers.Add("P3P", "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"");
