asp.net regarding cookie cross-domain issues
Cookies are a great invention that allow web developers to retain their users' logged-in status. But problems arise when your site has more than one domain name. According to the cookie specification, a cookie can only be used for one domain name and cannot be sent to other domain names. Therefore, if a cookie is set in the browser for one domain name, the cookie will not be valid for other domain names. If you want your users to log in from one of your sites and also log in from other domains, this can be a real problem.
Across second-level domain names
We know that cookies can be accessed across second-level domain names. This is easy to understand. For example, if you create a cookie in the web application of www.test1.com, you want to use it in bbs.test1.com To access such an application corresponding to a second-level domain name, you must set the domain parameter domain=test1.com when creating the cookie. Taking asp.net as an example, the code is as follows:
HttpCookie cookie = new HttpCookie("name", "www.Admin10000.com");
cookie.Domain = "test1.com";
cookie.Path = "/";
Response.Cookies.Add(cookie);Cross top-level domain name
If I am not a second-level domain name but completely in a different top-level domain name, for example, the web application where www.test1.com is located creates a cookie, and I want What should I do if I access www.test2.com or its second-level domain name application? We know that it cannot be accessed by conventional countermeasures. The key is to see if there is any way to access it. The fact is that cookies can cross domains under certain conditions, rather than achieving cross-domain at will.
Let’s do a test to see how the two sites www.test1.com and www.test2.com implement cookie cross-domain access. According to convention, we need to have 2 top-level domain names and a DNS server to configure the domain name, otherwise we cannot verify it, but we don't need to be so troublesome here. We can simulate it by modifying the hosts file. There is a hosts file in c:windowssystem32driversetc. Add the two lines
127.0.0.1 www.test1.com 127.0.0.1 www.test2.com
at the end, and you can use the above domain name to access the local loopback address. We only need to deploy a set of programs on IIS. The IP is the loopback address of the local machine and can be accessed using two domain names.
We create three new pages, namely Default.aspx, SSO.ashx, and GetCookie.aspx.
Among them, Default.aspx is the page of www.test1.com, and the accessed address is http://www.test1.com/Default.aspx. Take a look at the front-end code, it does not have any back-end code
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="Admin10000.Web.Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<script type="text/javascript">
var _frm = document.createElement("iframe");
_frm.style.display = "none";
_frm.src = "http://www.test2.com/SSO.ashx";
document.body.appendChild(_frm);
</script>
</div>
</form>
</body>
</html>The other one is the SSO.ashx page, we think it is the page of www.test2.com, the front-end does not have any code, the back-end code is as follows:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.SessionState;
namespace Admin10000.Web
{
/// <summary>
/// $codebehindclassname$ 的摘要说明
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class SSO : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
HttpCookie cookie = new HttpCookie("name", "www.Admin10000.com");
cookie.Domain = "test2.com";
cookie.Path = "/";
cookie.Expires = DateTime.Now.AddMinutes(10000);
context.Response.Cookies.Add(cookie);
context.Response.ContentType = "text/plain";
context.Response.AddHeader("P3P", "CP=CAO PSA OUR");
context.Response.Write("");
}
public bool IsReusable
{
get
{
return false;
}
}
}
}The last is GetCookie.aspx Page, it is also a page under www.test2.com, there is no front-end code, only back-end code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace Admin10000.Web
{
public partial class GetCookie : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (Request.Cookies["name"] != null)
{
Response.Write(Request.Cookies["name"].Value);
}
}
}
}Okay, now we access the test by accessing http://www.test1.com/Default.aspx After that, the SSO.ashx page will be loaded through the iframe, the background code will be executed to create the cookie, and then we will visit http://www.test2.com/GetCookie.aspx and we will get the corresponding cookie. Note that cookies created under www.test1.com can be accessed under www.test2.com.
Things to note:
admin10000.com Tips There is a sentence in the background code of SSO.ashx: context.Response.AddHeader("P3P", "CP=CAO PSA OUR"); is used to set the P3P response header. It is because the P3P supported by IE browser causes cookies to be blocked when iframe cross-site, and cookies cannot be created. (FireFox currently does not support P3P security features, and FireFox naturally does not have this problem. There is no need to add a P3P response header.)
Use the src attribute of the iframe to redirect the cookie value in the test1.com domain as the get parameter to test2. On the SSO.ashx page under the com domain, SSO.ashx obtains the cookie value passed from the test1.com domain and writes the obtained value into the cookie, thus simply realizing cross-domain cookie access.
In addition, the Default.aspx page can also be changed to JS calling form:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="Admin10000.Web.Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<script type="text/javascript" src="http://www.test2.com/SSO.ashx"></script>
</div>
</form>
</body>
</html>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to Fix Roblox 403 Forbidden Error on Google Chrome
May 19, 2023 pm 01:49 PM
Many Windows users have recently encountered an unusual error called Roblox403 Forbidden Error while trying to access website URLs in Google Chrome browser. Even after restarting the Chrome app multiple times, they were unable to do anything. There could be several potential causes for this error, some of which we've outlined and listed below. Browsing history and other cache of Chrome and corrupted data Unstable internet connection Incorrect website URLs Extensions installed from third-party sources After considering all the above aspects, we have come up with some fixes that can help users resolve this issue. If you encounter the same problem, check out the solutions in this article. Fix 1
Where are cookies stored?
Dec 20, 2023 pm 03:07 PM
Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.
Where are the cookies on your computer?
Dec 22, 2023 pm 03:46 PM
Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.
Where are the mobile cookies?
Dec 22, 2023 pm 03:40 PM
Cookies on the mobile phone are stored in the browser application of the mobile device: 1. On iOS devices, Cookies are stored in Settings -> Safari -> Advanced -> Website Data of the Safari browser; 2. On Android devices, Cookies Stored in Settings -> Site settings -> Cookies of Chrome browser, etc.
Detailed explanation of where browser cookies are stored
Jan 19, 2024 am 09:15 AM
With the popularity of the Internet, we use browsers to surf the Internet have become a way of life. In the daily use of browsers, we often encounter situations where we need to enter account passwords, such as online shopping, social networking, emails, etc. This information needs to be recorded by the browser so that it does not need to be entered again the next time you visit. This is when cookies come in handy. What are cookies? Cookie refers to a small data file sent by the server to the user's browser and stored locally. It contains user behavior of some websites.
What are the dangers of cookie leakage?
Sep 20, 2023 pm 05:53 PM
The dangers of cookie leakage include theft of personal identity information, tracking of personal online behavior, and account theft. Detailed introduction: 1. Personal identity information is stolen, such as name, email address, phone number, etc. This information may be used by criminals to carry out identity theft, fraud and other illegal activities; 2. Personal online behavior is tracked and analyzed through cookies With the data in the account, criminals can learn about the user's browsing history, shopping preferences, hobbies, etc.; 3. The account is stolen, bypassing login verification, directly accessing the user's account, etc.
How cookies work
Sep 20, 2023 pm 05:57 PM
The working principle of cookies involves the server sending cookies, the browser storing cookies, and the browser processing and storing cookies. Detailed introduction: 1. The server sends a cookie, and the server sends an HTTP response header containing the cookie to the browser. This cookie contains some information, such as the user's identity authentication, preferences, or shopping cart contents. After the browser receives this cookie, it will be stored on the user's computer; 2. The browser stores cookies, etc.
Does clearing cookies have any impact?
Sep 20, 2023 pm 06:01 PM
The effects of clearing cookies include resetting personalization settings and preferences, affecting ad experience, and destroying login status and password remembering functions. Detailed introduction: 1. Reset personalized settings and preferences. If cookies are cleared, the shopping cart will be reset to empty and products need to be re-added. Clearing cookies will also cause the login status on social media platforms to be lost, requiring re-adding. Enter your username and password; 2. It affects the advertising experience. If cookies are cleared, the website will not be able to understand our interests and preferences, and will display irrelevant ads, etc.
