Cookie cross-origin operations

Normal cookies can only be shared by one application. that is, a cookie can only be obtained by the application that created it. 1. you can share data on the same application server by setting cookies. setPath (/); the local tomcat/webapp has two applications: cas and webapp_ B, 1) The cookie originally set under cas is obtained under webapp_ B.

Normal cookies can only be shared by one application. that is, a cookie can only be obtained by the application that created it.
1. how to share data on the same application server: Set cookie. setPath ("/");
The local tomcat/webapp has two applications: cas and webapp_ B,
1) The cookie originally set under cas cannot be obtained under webapp_ B. by default, path is the path of the application that generates the cookie.
2) If you set a cookie under cas, add a cookie. setPath ("/"); or cookie. setPath ("/webapp_ B/"); then you can get the cookie set by cas under webapp_ B.
3) the parameters here are relative to the root directory of the app folder on the app server (for example, webapp under tomcat), so cookie. setPath ("/"); then, all applications in the webapp folder can share the cookie. setPath ("/webapp_ B/"); indicates that the cookie set by the cas application can only be obtained under the webapp_ B application, even the cas application that generates this cookie cannot.
4) set cookie. setPath ("/webapp_ B/jsp") or cookie. when setPath ("/webapp_ B/jsp/") is used, the cookie can be obtained only under webapp_ B/jsp, but not under webapp_ B.
5) Set cookie. setPath ("/webapp_ B"); indicates that the cookie can be used only under webapp_ B, so that the cookie cannot be obtained under the cas application that generates the cookie.
6) when there are multiple cookie. setPath ("XXX"); statements, the last one takes effect.
6) How to set multiple paths ???

 

2. Cross-Origin cookie sharing method: set P3P

Reprinted as follows:

Today I saw an article on the w3 website about p3p (http://www.w3.org/TR/P3P/), which can be used to implement cross-origin access cookie, I also try.
In fact, it is very simple: The experiment uses two domain names readlog.cn and diaor.com

First, put a file setcookie. php content under readlog.cn:

PHP code
Header (P3P: CP = "cao dsp cor cur adm dev tai psa psd IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi ind phy onl uni pur fin com nav int dem cnt sta pol hea pre gov" ); // p3p
Setcookie ("TestCookie", "test", time () + 3600, "/", ".readlog.cn"); // Set cookie
?>
Put another readcookie. php content:

PHP code
Echo $ _ COOKIE ["TestCookie"];
?>
Then place setcookie. php under diaor.com. content:

JavaScript code

Then access the http://www.diaor.com/setcookie.php capture data packets can be found in readlog.cn domain generated a cookie, name is TestCookie, value is test

Visit the http://www.readlog.cn/readcookie.php below to verify, you can find that the cookie is indeed set successfully.

If you are interested, you can remove the header (P3P: CP = "cao dsp cor cur adm dev tai psa psd IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi ind phy onl uni pur fin com nav int dem cnt sta pol hea pre gov" ); if you try this statement, you will find that the cookie can be set, but the cookie cannot be read in readlog.cn.