How do I validate the cookie validity of an AJAX request?

In the browser, an asynchronous Ajax request originated in the background, the server in response, with the cookie information, then next to the same domain name under the other page request, the cookie is valid, will be submitted to the Web server with the request?

I am not familiar with the web-related standards, only know that in the ordinary foreground request this cookie will be valid, the AJAX request for the situation is temporarily uncertain. But to know what the answer to the question is, to go through the relevant standards is to save water near the fire. In the IT ' s easier to check than to guess principle, decided to write a section of the program to verify the problem. The relevant code is as follows

The HTML page that initiates the AJAX request test.html the code for the

<script type= "Text/javascript" src= "Lib/jquery-1.11.2.min.js" ></script>
<script type= "Text/javascript" >
$.get ('/api/async ', function (result) {
Window.location.href=result.url;
}, ' json ')
</script>

Background '/api/async ' service program code is

Import Web
Import JSON

Class Async:
def get (self):
Web.setcookie (' web ', ' python ')
Return ' {' URL ': '/api/index '} '

Class Index:
def get (self):
cookies = Web.cookies ()
return Json.dumps (Cookies)

Routes = (
'/api/async ', ' async ',
'/api/index ', ' index '
)

App = Web.application (routes, Globals (), False)
App.run ()

We use the first visit to the Test.html page, where the asynchronous Ajax access '/api/async ' is triggered, as shown in the code, and the response has cookie information, and the body is JSON data with a URL of '/api/index ', test. HTML accesses the URL when it receives a response, and the '/api/index ' service responds with all the cookie information back to the browser.

Comparing the results returned by ' api/index ' with the cookie set in '/api/async ', you can know the answer to the previous question, and the actual validation results are shown in the following figure

As can be seen, Ajax asynchronously request '/api/async ' in response to a cookie set, which is valid for subsequent other front page requests



Ajax cross-domain request cookies cannot be taken with a solution


Native Ajax Request Method:

var xhr = new XMLHttpRequest ();
Xhr.open ("POST", "http://xxxx.com/demo/b/index.php", true);
Xhr.withcredentials = true; Support for sending cookies across domains
Xhr.send ();

jquery's Ajax post method request:

$.ajax ({
Type: "POST",
URL: "Http://xxx.com/api/test",
DataType: ' Jsonp ',
Xhrfields: {
Withcredentials:true
},
Crossdomain:true,

Success:function () {

},

Error:function () {
}
})


Server-side settings:

Header ("Access-control-allow-credentials:true");
Header ("access-control-allow-origin:http://www.xxx.com");