Sharing Cookie between different ports

Posted 2019-02-17 01:04

I have an application 1 (C#) that is hosted on port 80 and an application 2 (nodejs) that is hosted on port 3030. Both are on localhost.

The request workflow is as follows:

  • browser sends request to application 1
  • application 1 sends back a number of cookies
  • later on browser sends the request to application 2
  • ^ problem is on the last step, the cookies don't get included in the request.

Things I have tried/understood:

  • I understand that this is a same-origin policy restriction and because of the different port # the browser treats them as different domains.
  • In Application 1 (it's using System.Web.HttpCookie) I have tried to set the domain to be port specific ("127.0.0.1:3030") but it seems like the browser doesn't accept it or ignores it.

    //c# code
    var testCookie1 = new HttpCookie("Test", "testValue");
    testCookie1.Domain = "127.0.0.1:3030";
    testCookie1.Path = "/";
    testCookie1.Expires = DateTime.Now.AddDays(1);
    Response.SetCookie(testCookie1);
    
    var testCookie2 = new HttpCookie("Test2", "testValue2");
    testCookie2.Domain = "127.0.0.1";
    testCookie2.Path = "/";
    testCookie2.Expires = DateTime.Now.AddDays(1);
    Response.SetCookie(testCookie2);
    

[Screenshots: cookies that come back from server; cookies that get stored in browser]

The server sends back a cookie with the port number attached to it but the browser seems like it ignores it.

And here is my ajax call:

    var request = $.ajax({
        url: 'http://127.0.0.1:3030/SomeTask',
        type: 'POST',
        crossDomain: true,
    });

3 answers
smile是对你的礼貌
#2 · 2019-02-17 01:12

Here are two different solutions you can try:

  1. Run an Apache server and route the requests to either server
  2. Disable security (i.e., same-origin policy) in the browsers.
狗以群分
#3 · 2019-02-17 01:21

Your domain is the same in this case, localhost, so there shouldn't be any problem.

Another thing is: the port is part of a URI, not of a domain, the domain is also part of a URI, so you are mixing apples and fruits...

Please refer to this other question on SO

The rfc clearly states

Introduction

For historical reasons, cookies contain a number of security and privacy infelicities. For example, a server can indicate that a given cookie is intended for "secure" connections, but the Secure attribute does not provide integrity in the presence of an active network attacker. Similarly, cookies for a given host are shared across all the ports on that host, even though the usual "same-origin policy" used by web browsers isolates content retrieved via different ports.

I didn't give it a try myself.

In my job, we have to share cookies across subdomains (not ports) by setting a dot in front of the domain:

    var testCookie1 = new HttpCookie("Test", "testValue");
    testCookie1.Domain = "." + mydomain;

This way x.mydomain and y.mydomain will share cookies.

So, try not to set the port in the cookies, and use the name localhost instead of the resolved IP address.

You can simulate a production setting in your hosts file with something like:

    127.0.0.1   myawesomesubdomain.thisdomainnotexist.com.tr

and then set the cookie to that domain without the port.

够拽才男人
#4 · 2019-02-17 01:28

In order to share cookies, your two apps should be on the same domain, like app1.myapp.com and app2.myapp.com; this way they both have access to myapp.com cookies.

You can emulate this locally by setting:

    127.0.0.1 app1.myapp.com
    127.0.0.1 app2.myapp.com

in your hosts file located in C:\Windows\System32\drivers\etc or /etc/hosts

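As an added example (not code from the question or from any of the answers), the following JavaScript models how RFC 6265 treats the Domain attribute in the cases discussed above: a Domain value that carries a port never matches the request host, so the cookie is ignored, while a stored cookie is matched against the host name only, regardless of port. The function names are hypothetical, and Path, Secure, expiry, public-suffix checks and cross-origin request rules are not modelled.

```javascript
// Added example: simplified model of RFC 6265 Domain handling (sections 5.1.3, 5.2.3, 5.3).
// Not modelled: Path, Secure, expiry, public-suffix checks, cross-origin request rules.

const isIPv4 = (s) => /^\d{1,3}(\.\d{1,3}){3}$/.test(s);

// Request host as the cookie layer sees it: host name only, port dropped.
function requestHost(url) {
  return new URL(url).hostname.toLowerCase();
}

// RFC 6265 5.1.3: identical, or a dot-bounded suffix when the host is not an IP address.
function domainMatch(host, domain) {
  if (host === domain) return true;
  return !isIPv4(host) && host.endsWith("." + domain);
}

// Decide whether a cookie set by `setterUrl` with the given Domain attribute
// is stored, and under which domain. Returns null when the cookie is ignored.
function storeCookie(setterUrl, name, domainAttr) {
  const host = requestHost(setterUrl);
  if (!domainAttr) return { name, domain: host, hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is dropped
  if (!domainMatch(host, domain)) return null; // e.g. the Domain value carries a port
  return { name, domain, hostOnly: false };
}

// Would a stored cookie be attached to a request for `targetUrl`?
function wouldSend(cookie, targetUrl) {
  if (cookie === null) return false;
  const host = requestHost(targetUrl);
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed scenario from the question: app 1 on port 80, app 2 on port 3030.
const app1 = "http://127.0.0.1/";
const app2 = "http://127.0.0.1:3030/SomeTask";
const withPort = storeCookie(app1, "Test", "127.0.0.1:3030");
const noPort = storeCookie(app1, "Test2", "127.0.0.1");
const hostOnly = storeCookie(app1, "Test3", "");
const shared = storeCookie("http://app1.myapp.com/", "Sess", ".myapp.com");

console.log(withPort, wouldSend(noPort, app2), wouldSend(hostOnly, app2));
console.log(wouldSend(shared, "http://app2.myapp.com:3030/"));
```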