I need an HttpOnly authentication cookie to work on:
mydomain.com
www.mydomain.com
abc.mydomain.com
so that I can be logged into all three places via a single login.
This is working fine, by setting my cookie domain to:
.mydomain.com
Here is the response header that sets the cookie:
MYAUTHCOOKIE=FOO; domain=.mydomain.com; path=/; HttpOnly
This all works fine for normal browser requests.
However, I need to make an AJAX request from mydomain.com and www.mydomain.com to abc.mydomain.com.
When I make the request, it isn't passing the authentication cookie. Why is this, and what can I do about it?
If I make a request to the same host as the page the JS resides on, it does send the cookie :s
Here's my request code:
$.ajax({
    type: "POST"
    , data: { data: { foo: bar } }
    , dataType: "json"
    , url: "http://abc.mydomain.com/foo"
    , timeout: 5000
    , success: function (data, textStatus) {
        alert('woo!');
    }
    , error: function (xhr, textStatus, error) {
        alert('meh');
    }
});
Is this some cross domain policy? Why doesn't the cookie domain make this work?
Thanks
According to the same origin policy, subdomains are indeed "hostile" to your top domain, but it can be fixed by setting document.domain (same article).
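An added example, not part of the original question or answer: a simplified model of the two separate checks involved, showing why a cookie scoped to .mydomain.com is in scope for abc.mydomain.com yet is still left off a cross-origin XMLHttpRequest by default. The function names are hypothetical, and the model assumes only the cookie domain matters (Path, Secure, SameSite and expiry are ignored).

```javascript
// Added illustration: a simplified model of the browser's decision,
// not browser source code. Hosts are the ones used in the question.

// Same-origin policy: scheme, host and port must all be identical.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Cookie domain-match (RFC 6265, section 5.1.3): the leading dot is
// ignored; the host must equal the domain or be a subdomain of it.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Would XMLHttpRequest attach the cookie to this request?
// withCredentials mirrors the real xhr.withCredentials flag.
function cookieAttached(pageUrl, requestUrl, cookieDomain, withCredentials) {
  const host = new URL(requestUrl).hostname;
  if (!domainMatches(host, cookieDomain)) return false; // cookie out of scope
  if (sameOrigin(pageUrl, requestUrl)) return true;     // same origin: sent
  return withCredentials === true;                      // cross origin: opt-in
}

// Constructed cases: each page from the question calling abc.mydomain.com.
function demo() {
  const target = "http://abc.mydomain.com/foo";
  const pages = [
    "http://mydomain.com/",
    "http://www.mydomain.com/",
    "http://abc.mydomain.com/page",
  ];
  return pages.map(function (page) {
    return {
      page: page,
      sameOrigin: sameOrigin(page, target),
      sentByDefault: cookieAttached(page, target, ".mydomain.com", false),
      sentWithCredentials: cookieAttached(page, target, ".mydomain.com", true),
    };
  });
}

console.log(demo());
```

In jQuery the flag is set with `xhrFields: { withCredentials: true }`. The page's script can read the response only if abc.mydomain.com replies with `Access-Control-Allow-Credentials: true` and an `Access-Control-Allow-Origin` that names the exact calling origin, not `*`.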