[Reprint] Cross-Domain cookies

Source: Internet
Author: User
Website developers like cookies for their power and ease of use. Cookies play an important role in tracking user information and building a user-friendly, personalized website, and they avoid the expense of using a database. However, cookies cannot be transmitted across domains: they can be accessed only by the domain that created them. Here we discuss how to use ASP to work around this restriction.
Cookie Introduction
First, a brief introduction to cookies and to how ASP maintains them.
A cookie is a small file stored on the client computer, which means that every time a user visits your site, you can secretly place a file containing relevant information on the user's hard disk. This file can contain almost any information you want to set, including user information and site status. This carries a potential danger: the information may be read by hackers. To prevent this, a cookie can be accessed only by the domain that created it. For example, ytu.edu.cn can access only cookies created by ytu.edu.cn. Generally this causes no problems. But what if two sites in two different domains need to share the user information stored in cookies? Of course, you could copy the user information. But what if you want users to register on only one site and also become registered users on the other site? Or what if two sites share a user database and need to log users in automatically? In these cases, sharing cookies across domains is the best solution.
First, here is some ASP cookie-handling code for later reference.
'Create cookie
Response.Cookies("mycookie").Expires = Date + 365
Response.Cookies("mycookie").Domain = "mydomain.com"
Response.Cookies("mycookie")("username") = strUsername
Response.Cookies("mycookie")("password") = strPassword
The preceding code creates a cookie and sets its attributes: the domain, the expiration time, and the values stored in the cookie. Here, strUsername and strPassword are variables set earlier. The cookie is then read with the following statements.
'Read cookie
'Only the stored values come back with the request. Expires and Domain can be
'set through Response.Cookies but cannot be read back from Request.Cookies.
strUsername = Request.Cookies("mycookie")("username")
strPassword = Request.Cookies("mycookie")("password")
For more information, see the ASP documentation.

Implementation
The key to sharing cookies is redirection. The general process is as follows:
1. A user visits sitea.com.
2. If the user does not have a sitea.com cookie, the user is redirected to siteb.com.
3. If the user has a siteb.com cookie, the user is redirected back to sitea.com along with a special flag (explained below). Otherwise, the user is simply redirected back to sitea.com.
4. A cookie is created on sitea.com.
It looks very simple. Take a closer look: sitea.com and siteb.com share the same user settings. Therefore, if the user has a siteb.com cookie (is registered), sitea.com can also read the cookie and provide the features it permits. In this way, a user accessing sitea.com is treated as if accessing siteb.com.
This check should be performed in a cookie.inc file included on sitea.com. Let's take a look at the code:
L-1
'sitea.com
'Check cookie
If Request.QueryString("checked") <> "true" Then
    If Not Request.Cookies("sitea_cookie").HasKeys Then
        'Redirect to siteb.com
        Response.Redirect("http://www.siteB.com/cookie.asp")
    End If
End If

If the user already has a sitea.com cookie, nothing needs to be done. The first If statement is there to prevent an infinite loop. Let's take a look at the cookie.asp file on siteb.com for further understanding.
L-2
'siteb.com
'Check cookie
If Not Request.Cookies("siteb_cookie").HasKeys Then
    'Redirect to sitea.com
    Response.Redirect("http://www.siteA.com/index.asp" & "?checked=true")
Else
    'Get username
    strUsername = Request.Cookies("siteb_cookie")("username")
    'Return the user along with a special flag to sitea.com
    'Server.URLEncode keeps special characters in the username from breaking the query string
    Response.Redirect("http://www.siteA.com/index.asp" & "?checked=true" & "&identifier=" & Server.URLEncode(strUsername))
End If
If the user has no cookie on siteb.com either, the user is sent back to sitea.com with a "checked" parameter in the query string, which tells the application that the cookie has already been checked. Without it, sitea.com would send the user to siteb.com again and the loop would never end.
However, if the user has a siteb.com cookie, we need to send the user back to sitea.com and tell sitea.com about it. Therefore, we append a unique identifier that can be looked up in the database, the username. To handle it, we extend the code on sitea.com.
L-3
'sitea.com
...
...
'Check flag
If Request.QueryString("identifier") <> "" Then
    strUsername = Request.QueryString("identifier")
    'Record to database
    Response.Cookies("sitea_cookie").Expires = Date + 365
    Response.Cookies("sitea_cookie").Domain = "sitea.com"
    Response.Cookies("sitea_cookie")("username") = strUsername
End If
Finally, we are back on sitea.com. The first part of the file (L-1) checks whether the cookie check has already been completed. Because it clearly has (indicated by the "checked" parameter in the query string), the second part of the program, shown in L-3, runs. If the special flag is present, we create a cookie on sitea.com. Use this identifier (the username here) to query the database whenever necessary. Then set the cookie and display the rest of the page. If no flag is present, there is nothing to worry about: simply display the rest of the page.
In this way, sitea.com has the same cookie as siteb.com. We could transmit more information than a single flag, but passing only the flag keeps network traffic to a minimum.
Note that it can still be worth checking siteb.com even if the user has a cookie on sitea.com. Generally speaking, this is not required, and skipping it saves time. But what if the user changes personal information on siteb.com? Checking each time keeps all information synchronized.

Cookie Ring
To complete this, we need two files: one on the origin server (sitea.com), and the other on the reference server (siteb.com), which verifies the user. If one reference server holds all the user information or cookies that are needed, you can add as many origin servers as you like. All you need to do is add the cookies.inc file to every server that wants to share cookies.
It can also be run in the reverse direction, for example with siteb.com as the origin server and sitea.com holding the user information. Users who have visited sitea.com but have never visited siteb.com can then log on to siteb.com and have all their previous settings. Note: with multiple reference servers this becomes confusing and consumes too many resources, because you must redirect users to each reference server.
Theoretically, you can have a network in which all sites share the same users. The most feasible solution is to establish a shared cookie ring. Store the reference server list in one location (a backup server) so that each reference server can look it up and decide which site to redirect the user to next. Remember to keep track of the origin server where the user started, by means of the query string. This process becomes more and more feasible as information is transmitted faster.
There are still some problems here. The first is response time. It is better if users do not notice the process at all. The time required depends on the connection between sitea.com and siteb.com; it may be long, and longer still when a cookie ring is implemented.
Another major problem is that a real user can end up facing infinite redirection. There are many possible reasons for this, for example a browser that does not support cookies. Handling this requires further code to detect the capabilities of the user's browser.
Finally, pay attention to security. If hackers discover the trick, they may obtain the information in the cookie. The simplest precaution is to protect the reference server and allow only the origin servers to access the cookie.asp file.
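In the listings above, sitea.com creates its cookie from whatever username arrives in the identifier parameter, so it has no way to tell that the value really came from siteb.com. One way to close that gap is to have siteb.com sign the handoff and have sitea.com verify it. This is an added example, not part of the original article, written in Python rather than ASP; the shared key, the ts and sig parameters, and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: both sites hold the same secret, provisioned out of band.
SHARED_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 60  # seconds a handoff stays valid


def _sign(username, issued, audience):
    # Bind the signature to the receiving host and the issue time.
    # username is the last field, so newlines in it cannot shift fields.
    msg = "\n".join([audience, str(issued), username]).encode()
    mac = hmac.new(SHARED_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def build_handoff_url(username, return_url="http://www.siteA.com/index.asp", now=None):
    """siteb.com side: build the redirect target with a signed identifier."""
    issued = int(time.time() if now is None else now)
    audience = urlsplit(return_url).hostname  # lower-cased host name
    params = {"checked": "true", "identifier": username, "ts": issued,
              "sig": _sign(username, issued, audience)}
    return return_url + "?" + urlencode(params)


def verify_handoff(url, my_host="www.sitea.com", now=None):
    """sitea.com side: return the username only if signature and age are valid."""
    query = parse_qs(urlsplit(url).query)
    try:
        username = query["identifier"][0]
        issued = int(query["ts"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return None  # unsigned or malformed handoff
    now = time.time() if now is None else now
    if not 0 <= now - issued <= MAX_AGE:
        return None  # expired, or stamped in the future
    expected = _sign(username, issued, my_host)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # identifier, timestamp or audience was altered
    return username
```

A signed URL can still be replayed until MAX_AGE runs out and may end up in logs, so keep the window short; recording each accepted signature on sitea.com would make a handoff single-use.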

From: http://www.xbitsoft.net/document/index.asp?Id=561
