Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
244 views
in Technique[技术] by (71.8m points)

http - Share a cookie between two websites

I have built a website (A) which logs in to and retrieves customer data from a separate web service.

The organisation that owns (A) also has a website (B) which has a web form. They want a logged in customer on (A) to be able to click across to (B) and see a pre-populated form with their details.

This means (A) must write their customer ID to a cookie, which (B) can read, and then (B) can request the data from the web service, and pre-populate the form.

This raises two questions:

  1. Can website (B) read the cookie for website (A)?

  2. If so, to prevent someone from editing a cookie and seeing other people's data in the form, I would need to do something like encrypt the cookie on (A) and then have that decrypted in (B) - any suggestions along this line?

I can't change the existing login to OAuth or something, as the web service is consumed by several other sites, so this cannot change.

question from:https://stackoverflow.com/questions/12370495/share-a-cookie-between-two-websites

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

No. Website B can't read a cookie from website A.

The easiest work-around is to pass login/credential information from website A to website B and have website B set a seperate cookie. For example, after logging into website A you could have them quickly redirected to website B with an encrypted querystring. Website B could then read the information, set its own cookie, and redirect the user back to site A.

It's messy but possible.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...