Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "the use of cookie cross-domain sharing". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Problem description

You need to solve the problem of front-end pc and server (java). The same cookie can be obtained after cross-domain.

There is a restriction on using second-level domain names to share cookie, that is, the second-level domain names of two domain names must be the same.

Frontend pc access domain name: a.b.com

Domain name of backend API: a-gateway.b.com

These two domain names belong to the same secondary domain name: b.com

Cross-domain access

The following configuration is added to the server nginx to solve the problem of cross-domain access. Cross-domain access can also be resolved through code in the program.

Nginx profile

Whether location / {# allows Cookie add_header Access-Control-Allow-Credentials true; add_header Access-Control-Allow-Origin 'http://a.b.com'; add_header Access-Control-Allow-Methods' GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers' DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' to be sent across domains If ($request_method = 'OPTIONS') {return 204;}} Cross-domain carrying and sending cookie

If you need to allow cross-domain carrying and sending cookie, nignx requires the following parameters to be configured

Nginx configuration

"Access-Control-Allow-Credentials": optional field. Its value is a Boolean value indicating whether Cookie is allowed to be sent. By default, Cookie is not included in the CORS request. Set to true, which means that the server is explicitly licensed, and Cookie can be included in the request and sent to the server together. This value can only be set to true. If the server does not want the browser to send Cookie, delete this field.

For requests with identity credentials, the server must not set the value of Access-Control-Allow-Origin to'*'. This is because the Cookie information is carried in the header of the request, and if the value of Access-Control-Allow-Origin is'*', the request will fail. If you set the value of Access-Control-Allow-Origin to http://a.b.com, the request will be executed successfully. That is, Access-Control-Allow-Origin cannot be set to * when Access-Control-Allow-Credentials is set to true.

Front-end configuration

Take the vue request as an example:

Import axios from 'axios';axios.defaults.withCredentials=true / / allowed to carry cookie

Java sets cookie

Public static void addCookie (HttpServletResponse response,String cookieName,String cookieValue,int maxAge) {Cookie cookie = new Cookie (cookieName,cookieValue); cookie.setDomain ("b.com"); / / specify the domain name cookie.setPath ("/"); / / set the lifecycle of cookie cookie.setHttpOnly (false); if (maxAge > 0) {cookie.setMaxAge (maxAge);} response.addCookie (cookie) } this is the end of the content of "how to use cookie Cross-domain sharing". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.