Sharing Cookies Across Domains

zhaozj2021-02-11  234

Website developers appreciate how powerful and easy to use cookies are. Cookies play an important role in tracking user information, building user-friendly, personalized websites, and avoiding the expensive overhead of a database. However, cookies cannot cross domains: only the domain that created a cookie can access it. Here we discuss how to use ASP to get around this limit.

Introduction to Cookie

First, a brief introduction to cookies and how to maintain them with ASP.

A cookie is a small file stored on the client computer, which means that whenever a user visits your site you can quietly place a file containing information on their hard drive. This file can contain almost any information you choose to set, including user information, site status, and more. This carries a potential danger: the information may be read by hackers. To prevent this, a cookie can only be accessed by the domain that created it. For example, YTU.EDU.CN can only access cookies created by YTU.EDU.CN. Usually this is not a problem. But what if two sites on different domains need to share the user information held in cookies? You could, of course, copy the user information. But what if you want users to register on only one site and automatically become registered users of the other? Or two sites share a user database and you want the user to log in only once? In these cases, sharing cookies is the best solution.

First, here is some ASP code for handling cookies, for easy reference.

'Creating a cookie

Response.Cookies("MyCookie").Expires = Date + 365

Response.Cookies("MyCookie").Domain = "mydomain.com"

Response.Cookies("MyCookie")("UserName") = strUserName

Response.Cookies("MyCookie")("Password") = strPassword

Reading and writing cookies is very simple. The code above creates a cookie and sets its properties: the domain, the expiration time, and the values stored in the cookie. Here strUserName and strPassword are variables set earlier in the code. The cookie is then read with the following statements.

'Read cookies

'Expires and Domain can only be set through Response.Cookies; the browser does not send them back, so a request exposes only the stored values

strUserName = Request.Cookies("MyCookie")("UserName")

strPassword = Request.Cookies("MyCookie")("Password")

For more details, refer to the ASP documentation.

Implementation

The key to sharing cookies is redirection. The general process is:

1. A user visits SiteA.com.

2. If the user doesn't have a SiteA.com cookie, redirect the user to SiteB.com.

3. If the user has a SiteB.com cookie, send the user back to SiteA.com together with a special flag (explained below); otherwise, simply redirect the user back to SiteA.com.

4. Create a cookie on SiteA.com.

It looks very simple, but take a closer look: SiteA.com and SiteB.com share the same user settings, so if the user has a SiteB.com cookie (is already registered), SiteA.com can read that information as well and offer the features the cookie allows. In this way, a user who visits SiteA.com is treated as if visiting SiteB.com.

This check should be implemented in a cookies.inc file included by the pages on SiteA.com. Let's take a look at the code:

L-1

'SiteA.com: check cookie

If Request.QueryString("Checked") <> "true" Then

If Not Request.Cookies("Sitea_cookie").HasKeys Then

'Redirect to SiteB.com

Response.Redirect("http://www.siteb.com/cookie.asp")

End If

End If

If the user already has a SiteA.com cookie, nothing needs to be done; the first If statement prevents an infinite loop. Let's look at the cookie.asp file on SiteB.com for a better understanding.

L-2

'SiteB.com

'Check cookie

If Not Request.Cookies("Siteb_cookie").HasKeys Then

'Redirect to SiteA.com

Response.Redirect("http://www.sitea.com/index.asp" & "?checked=true")

Else

'Get username

strUsername = Request.Cookies("Siteb_cookie")("UserName")

'Return the user along with a special flag to SiteA.com

Response.Redirect("http://www.sitea.com/index.asp" & "?checked=true" & "&identifier=" & Server.URLEncode(strUsername))

End If

If the user doesn't have a cookie on SiteB.com either, send him back to SiteA.com and let the application know that the cookie has already been checked by providing a parameter called "checked" in the query string. Without this parameter, SiteA.com would send the user back to SiteB.com again; the parameter is what exits the loop.

However, if the user has a SiteB.com cookie, we need to send the user back to SiteA.com and tell SiteA.com so. To do this, we attach an identifier that is unique in the database: the username. So we extend the code on SiteA.com.

L-3

'SiteA.com

...

...

'Check for the identifier

If Request.QueryString("Identifier") <> "" Then

strUsername = Request.QueryString("Identifier")

'Record to the database

Response.Cookies("Sitea_cookie").Expires = Date + 365

Response.Cookies("Sitea_cookie").Domain = "sitea.com"

Response.Cookies("Sitea_cookie")("UserName") = strUsername

End If

Finally, we are back at SiteA.com. The first part of the file (L-1) checks whether the cookie check has been completed. Since it clearly has (as indicated by "checked" in the query string), the second part of the program, shown in L-3, is executed. If the special flag is present, we can create a cookie on SiteA.com. Using this flag (here, the username), we can query the database whenever needed. Then set the cookie and display the rest of the page. If there is no flag, there is nothing to worry about; simply display the rest of the page.

In this way, SiteA.com has the same cookie as SiteB.com. We could transfer more information than just a flag, while keeping network traffic to a minimum.

Note that even if the user already has a cookie on SiteA.com, you may still want to check SiteB.com. Usually this is not required, and skipping it saves time. But what if the user changes their personal information on SiteB.com? Checking every time keeps all the information synchronized.

Cookie ring

To do all this we need two files: one on the original server (SiteA.com), which performs the check, and one on the reference server (SiteB.com), which verifies the user. If one reference server holds all the user information or cookies, you can add any number of original servers; all you need to do is add a cookie.inc file to every server that should share the cookies.

It can also work in the opposite direction, for example if SiteB.com is the original server and SiteA.com holds the user information. Users who have visited SiteA.com but never SiteB.com can then log in and have all their previous settings. Note that with multiple reference servers this becomes confusing and consumes too many resources, because users must be redirected to each reference server.

In theory, you can have a network of sites that all share the same users. The most feasible solution is to establish a shared cookie ring. Store the list of reference servers in one place (a backup server) so that each reference server can look it up and decide which site to redirect the user to next. Remember that you must use the query string to track which original server started the chain. The transfer is very fast, which makes such a ring increasingly feasible.

There are still some problems. The first is response time. Ideally, users should not notice the process at all. The time it takes depends on the connection between SiteA.com and SiteB.com, and may be longer still when a cookie ring is implemented.

A major problem is that every implementation risks infinite redirects. There are many possible causes, for example a user's browser that does not support cookies. This requires additional code that detects the capabilities of the user's browser.

Finally, pay attention to security. If a hacker discovers this trick, he may be able to obtain the information in the cookie. The simplest defense is to protect the reference server and allow only the original servers to access the cookie.asp file.
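L-3 trusts whatever username arrives in the query string, so SiteA.com cannot tell whether SiteB.com really sent it. The following is an added example, not part of the original article and written in Python rather than ASP, of one way to harden that handoff: SiteB.com signs the identifier with a key shared with SiteA.com, and SiteA.com accepts it only if the signature, age and one-time nonce all check out. The function names, the token layout and SHARED_KEY are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumptions: key provisioned out of band on both servers (constructed value),
# token layout user.issued.nonce.signature, and an in-memory nonce store.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 60           # seconds a handoff stays valid
_seen_nonces = set()   # stand-in for a shared store with expiry


def _sign(payload):
    mac = hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_identifier(username, now=None):
    """SiteB.com side: build the value sent in the identifier parameter."""
    issued = int(time.time() if now is None else now)
    user = base64.urlsafe_b64encode(username.encode()).decode()
    payload = f"{user}.{issued}.{secrets.token_urlsafe(12)}"
    return f"{payload}.{_sign(payload)}"


def accept_identifier(token, now=None):
    """SiteA.com side: return the username, or None if the token fails a check."""
    now = time.time() if now is None else now
    try:
        user, issued, nonce, sig = token.split(".")
        expected = _sign(f"{user}.{issued}.{nonce}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None            # not produced with the shared key, or altered
        if not 0 <= now - int(issued) <= MAX_AGE:
            return None            # too old, e.g. copied from history or a log
        if nonce in _seen_nonces:
            return None            # already used once
        _seen_nonces.add(nonce)
        return base64.urlsafe_b64decode(user).decode()
    except ValueError:             # wrong field count or undecodable data
        return None
```

In the ASP pages, the token would take the place of strUsername in the L-2 redirect and be verified before the cookie is written in L-3.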

When reposting, please cite the original address: https://www.9cbs.com/read-3817.html
