Problems and Solutions for cross-origin Cookie operations

Cross-Domain Cookie operations seem to be a simple problem, because you only need to specify the Domain attribute as the root Domain name of the specified website.

However, I encountered some problems in the actual use process, and it is worth noting.

Environment Introduction

Create a cookie under the www primary Domain name and write the Domain attribute, for example: (to facilitate debugging, the following code is asp code)

Code:

Write. asp

<%
Response. Cookies (CookieName) ("UserName") = "SunBird"
Response. Cookies (CookieName) ("Password") = "xyz1234"
Response. Cookies (CookieName). Domain = "xxxx.com"
%>

The above files are placed under the www primary domain name, and a Read. asp reading cookie is placed under the same directory.

Code:

Read. asp

<%
Response. Write Request. Cookies (CookieName) ("UserName ")
Response. Write Request. Cookies (CookieName) ("Password ")
%>

Put another Read. asp file to another subdomain site. The Code is the same as above.

Finally, we need to Clear the cookie and put Clear. asp under the primary domain name.

Code:

Clear. asp

<%
Response. Cookies (CookieName) ("UserName") = ""
Response. Cookies (CookieName) ("Password") = ""
Response. Cookies (CookieName). Domain = "xxxx.com"
%>

Now we can test the Write. asp --> Read. asp --> Read. asp all Read. asp pages can be read to Write. cookie value created by asp
Then run Clear. asp to Clear it. Everything is OK. It seems that there is no problem.

However, this method has encountered problems when applied to the actual site.

Problem description:
After logging on to the primary domain for the first time, all the subdomain names can access the cookie stored in the primary domain name. However, once you exit, the cookie of the subdomain name is cleared, but the cookie of the primary domain name is still retained, after the cookie of the primary domain name is forcibly cleared, the cookie cannot be saved no matter how you log on to the primary domain name, unless you turn off the browser and open it again.

After multiple attempts, the problem was accidentally discovered. The following is the test result.

Create a Write2.asp page and place it under the Primary Domain Name

 

<%
Response. Cookies (CookieName) ("TEST_COOKIE") = "TEST_COOKIE"
%>

Step 1: Close the browser and run the command in the following order: Write. asp --> Read. asp of the primary domain name --> Read. asp of the subdomain name where all Read. asp reads are normal.

Step 2: Clear. asp --> Read. asp of the primary domain name --> Read. asp of the subdomain name is successfully cleared here.

Step 3: Write. asp --> Write2.asp --> master domain name Read. asp --> subdomain name Read. asp here, both Read. asp can Read the cookie value.

Step 4: Re-Execute Step 2 and find that the main domain name Read. asp still outputs the value, and the value of Read. asp under the subdomain name has been cleared.

Based on the test above, we will summarize the following points that need to be noted when cross-origin cookie is used.

1. When you have a Cookie group (or Cookie dictionary) that uses the Domain attribute to specify a Domain name, when you modify or add new members to the group, you must add Resonse after the operation. cookies (CookieName ). domain attribute.
2. If you do not need to modify the Cookie Group of the Domain, use Response. Cookies ("CookieText") = CookieValue to create a new Cookie.