Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.4k views
in Technique[技术] by (71.8m points)

http - Share a cookie between two websites

I have built a website (A) which logs in to and retrieves customer data from a separate web service.

The organisation that owns (A) also has a website (B) which has a web form. They want a logged in customer on (A) to be able to click across to (B) and see a pre-populated form with their details.

This means (A) must write their customer ID to a cookie, which (B) can read, and then (B) can request the data from the web service, and pre-populate the form.

This raises two questions:

  1. Can website (B) read the cookie for website (A)?

  2. If so, to prevent someone from editing a cookie and seeing other people's data in the form, I would need to do something like encrypt the cookie on (A) and then have that decrypted in (B) - any suggestions along this line?

I can't change the existing login to OAuth or something, as the web service is consumed by several other sites, so this cannot change.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

No. Website B can't read a cookie from website A.

The easiest work-around is to pass login/credential information from website A to website B and have website B set a seperate cookie. For example, after logging into website A you could have them quickly redirected to website B with an encrypted querystring. Website B could then read the information, set its own cookie, and redirect the user back to site A.

It's messy but possible.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...