In fact, Cookie cross-site sharing is very simple. As long as two sites are under the same level directory, the cookie of one site can be referenced by another site. that is, their domain attributes are the same. for example, I have two websites on drive F, one is the user system and the other is the news system. after logging on to the user system, you can directly access the news system without logging on to the news system again. this is often referred to as single sign-on.
There is a Web service in the user system, and the service has a method to verify user logon. this method is used. after the user successfully logs on, a cookie is created to save the user name and password. then the cookie can be directly accessed in the news system. because they belong to the same domain.
The most important thing is that although we can access this cookie, we need to be clear that the cookie is saved on the client, that is, the content of the cookie can be modified from the client, therefore, the server always has to be skeptical about the cookie sent by the client. You cannot believe that this cookie must be the original cookie sent by the server. so we need to verify this cookie.
It may be unclear. Let me give another example. just like csdn, you can choose to save for two weeks at login without repeated logon. you no longer need to enter the user name and password to log on, but the server does not verify your user name and password. It still needs to verify the user name and password. instead, it only reads the user name and password in your cookie file. if you manually modify the user name and password in the cookie stored on your hard disk, it will still fail if it is incorrect.
The following describes how to verify the cookie. it is very easy to verify the user name and password in the cookie in the user system. because a user table exists in the database of the user system, the user name and password in the cookie can be directly read and matched in the database.
However, the problem is that the user name and password in the cookie must be verified in the news system, and the table is not used in the news system at all. All users log on through the user system through a single point.
At this time, the key is coming. Do you still remember the Web service in the user system described above? That's right. Right-click the website directory of the news system, select Add web reference, and select this web service. The system will automatically generate a proxy class for this web service. then we can directly use the Web Service of the user system to verify the user login method.
I wrote Bolg to facilitate future queries, but some of my thoughts are not very clear. I hope you will forgive me.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
