Share a cookie between two websites

前端 未结 7 650
梦谈多话
梦谈多话 2020-11-27 04:44

I have built a website (A) which logs in to and retrieves customer data from a separate web service.

The organisation that owns (A) also has a website (B) which has

相关标签:
7条回答
  • 2020-11-27 05:27

    If in your case all your users use browsers with HTML5 support you can use window.postMessage method that allows to addEventListener on one side and to postMessage from the other. Here is a nice article/example: https://developer.mozilla.org/en-US/docs/Web/API/window.postMessage.

    Then the steps are simple:

    1. add to site A a hidden iframe to site B
    2. send B's cookie to A using window.postMessage
    3. store the received cookie in A's cookie
    0 讨论(0)
  • 2020-11-27 05:28

    HttpCookie.Domain Property might help.

    Excerpt:

    MyCookie.Domain = domainName;
    
    0 讨论(0)
  • 2020-11-27 05:29

    There are open source tools on the internet that can do that, but this s against the whole idea behind the cookies philosophy. Cookies are meant to be accessed by only one domain. You can however mock that domain and 'Hack' into the browser. It's not recommended and some browsers have tighter security and don't allow that.

    I suggest you create a web service in website A and give reading access to B to read it.

    0 讨论(0)
  • 2020-11-27 05:30

    No. Website B can't read a cookie from website A.

    The easiest work-around is to pass login/credential information from website A to website B and have website B set a seperate cookie. For example, after logging into website A you could have them quickly redirected to website B with an encrypted querystring. Website B could then read the information, set its own cookie, and redirect the user back to site A.

    It's messy but possible.

    0 讨论(0)
  • 2020-11-27 05:36

    Potential work-around: You could use an inline frame on the secondary site to show content from the primary site (taking up the full window):

    <!DOCTYPE HTML>
    <html>  
      <head>  
           <title>your page title</title>  
            <style type="text/css">
                body, html {
                margin: 0; padding: 0; height: 100%; overflow: hidden;
                }
                #content {
                position:absolute; left: 0; right: 0; bottom: 0; top: 0px; 
                }
            </style>
      </head>  
      <body>
        <div id="content">
        <iframe width="100%" height="100%" frameborder="0" src="http://yourMainSite.com/dataDependentPage.php" ></iframe>
        TESTING
        </div>
      </body>  
     </html>
    
    0 讨论(0)
  • 2020-11-27 05:45

    You mentioned the same company owns both sites. As you suspected, if the sites have the same domain like www.mycompany.com and store.mycompany.com, then they can share cookies. The HTTP response header would look something like this:

    Set-Cookie: user_id=1295214458; Path=/; Domain=.mycompany.com
    

    Since the client has direct access to this data, you should also include a signature so tampering would be detected. Usually the whole thing is encrypted and signed into a "token", and that is set as the cookie. But technically, just the signature is required.

    0 讨论(0)
提交回复
热议问题