How PHP operates cross-origin cookies on different servers

Source: Internet
Author: User
Tags subdomain subdomain name
First, the domain names of two different subdomains are resolved on different servers. Of course, the directories are also different. I failed to perform cross-domain operations (delete cookies. Unable to operate. I tried the P3P protocol, but I still cannot. Is there a way to implement it? First, the domain names of two different subdomains are resolved on different servers. Of course, the directories are also different. I failed to perform cross-domain operations (delete cookies. Unable to operate.
I tried the P3P protocol, but I still cannot. Is there a way to implement it?

Reply content:

First, the domain names of two different subdomains are resolved on different servers. Of course, the directories are also different. I failed to perform cross-domain operations (delete cookies. Unable to operate.
I tried the P3P protocol, but I still cannot. Is there a way to implement it?

Cookies are defined in RFC2109 standards. Most cookies are implemented by the client, that is, the browser.

Each cookie in cookies represents a key-value pair, its scope, and lifecycle.

Cookie field Definition

Scope ):path,domain

Life cycle: the cookie expiration time,expires(GMT, UTC) Time Standard

Security Scope ):HttpOnly,Secure

Scope and Security Scope)

If you do not use js to operate on cookies, you can ignore the Security Scope ).

The above may be a bit abstract, but you can open chrome and press F12-> Resources-> Cookies

As shown in the following figure

The above are all comments and nonsense. Important.

The server is only the recipient and the parser of the cookie. The browser, that is, the client, determines whether or notcookiesTo the server.

The client is implemented by reference to the standard.RFC2109). It is sent based on the cookie path and domain.

We assume that we now have two domain names.

  • Oauth2.php123.com
  • Www.php123.com

If you want the clientwww.php123.comThe following cookies are also sentoauth2.php123.comBelow. Then you need to setdomainSetphp123.com.

Php library function setcookie definition bool setcookie (string $ name [, string $ value [, int $ expire = 0 [, string $ path [, string $ domain [, bool $ secure = false [, bool $ httponly = false])

Let's take a real example.

php// Oauth.php123.com/cookie.php
  
php// Www.php123.com/cookie.php 'Bar1', 'foo3' => 'bar3') // ['foo2' => 'bar2'] is not obtained because the client only needs to set domain to 'php123. the cookie of com ', 'www .php123.com' is sent to the domain www.php123.com. Therefore, cookie. php only obtains the two cookies.

The above code can explain how cookies work. Understanding the work and Mechanism of cookies can implement many advanced functions. For example, distributed session sharing.

And vice versa. You can understand it yourself.

1. The solution under the subdomain name is provided upstairs. It is easy to specify the cookie domain as a subdomain name for each call. You can use this solution.
Http://stackoverflow.com/questions/22029530/sessions-cookies-shared-on-subdomains/22030121#22030121

2. P3P protocol. Is a solution for cross-origin cookie. Site a generates cookies, and site B deletes site a cookies.
Site B and js cross-origin:


   《script》';

A receives the parameters and deletes them.


   

However, ie will expire... The reason is that the browser security policy is wrong, so you have to use p3p. Add the protocol before deletion:

 

Now, let's take a look ..

Cross-origin is irrelevant to PHP. Cookies are transmitted through the request header, and PHP will surely get the cookie upon receiving the request.

If it is www.a.com or www. B .com, there is no way to implement cross-origin operations. You can use a work und, such as jsonp.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.