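Setting and reading cookies across domains
Prerequisites:
There are three domain names in total; for local debugging, map them to 127.0.0.1 by editing the hosts file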
guokecheng.com
order.guokecheng.com
member.guokecheng.com
Other hosts
localhost
127.0.0.1
192.168.11.192
Four cookies are set in total
Three cookies are set with the domains above, one each, named rootCookie, orderCookie and memberCookie
One cookie is set without a domain attribute, named commonCookie
setcookie.jsp
<%@ page session="false" pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%@ page import="javax.servlet.http.*" %>
<%
    // Three cookies, each with an explicit Domain attribute
    Cookie orderCookie = new Cookie("orderCookie", "orderCookie");
    orderCookie.setDomain("order.guokecheng.com");
    Cookie memberCookie = new Cookie("memberCookie", "memberCookie");
    memberCookie.setDomain("member.guokecheng.com");
    Cookie rootCookie = new Cookie("rootCookie", "rootCookie");
    rootCookie.setDomain("guokecheng.com");
    // No Domain attribute: the cookie is scoped to the host that serves this page
    Cookie commonCookie = new Cookie("commonCookie", "commonCookie");
    // All four are sent as Set-Cookie headers
    response.addCookie(orderCookie);
    response.addCookie(memberCookie);
    response.addCookie(rootCookie);
    response.addCookie(commonCookie);
%>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title><%=request.getServletContext().getServerInfo() %></title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
设置cookie完成
</body>
</html>
getcookie.jsp
<%@ page session="false" pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%@ page import="javax.servlet.http.*" %>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title><%=request.getServletContext().getServerInfo() %></title>
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="tomcat.css" rel="stylesheet" type="text/css" />
</head>
<body>
<%
    // Print every cookie the browser sent with this request
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            out.println(c.getName() + "\t" + c.getValue() + "<br/>");
        }
    } else {
        // getCookies() returns null when the request carries no cookies
        out.println("cookies not found....");
    }
%>
</body>
</html>
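1. Set the cookies by visiting guokecheng.com: http://guokecheng.com/setcookie.jsp
2. The cookies visible then differ depending on the host used to open getcookie.jsp, as follows
localhost: no cookies
127.0.0.1: no cookies
192.168.11.192: no cookies
guokecheng.com: can read rootCookie, commonCookie // rootCookie is written for guokecheng.com itself, so it is readable. commonCookie was written without a domain, which defaults to the domain of the endpoint (or page) that performed the write, so it is visible here
order.guokecheng.com: can read rootCookie // order.guokecheng.com is a subdomain of guokecheng.com, so it can read the cookie set for the parent domain (rootCookie)
member.guokecheng.com: can read rootCookie // member.guokecheng.com is a subdomain of guokecheng.com, so it can read the cookie set for the parent domain (rootCookie)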
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
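1. Set the cookies by visiting order.guokecheng.com: http://order.guokecheng.com/setcookie.jsp
2. The cookies visible then differ depending on the host used to open getcookie.jsp, as follows
localhost: no cookies
127.0.0.1: no cookies
192.168.11.192: no cookies
guokecheng.com: can read rootCookie // rootCookie is written for guokecheng.com itself, so it is readable. This shows that a subdomain can write a cookie to its parent domain. commonCookie was written without a domain, which defaults to the domain of the endpoint (or page) that performed the write, so it is not visible here
order.guokecheng.com: can read rootCookie, commonCookie, orderCookie // order.guokecheng.com is a subdomain of guokecheng.com, so it can read the cookie set for the parent domain (rootCookie).
// commonCookie was written through order.guokecheng.com this time, so it defaults to that domain; when read through the same domain it is of course readable
// orderCookie: same as commonCookie
member.guokecheng.com: can read rootCookie // member.guokecheng.com is a subdomain of guokecheng.com, so it can read the cookie set for the parent domain (rootCookie)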
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
A subdomain can read cookies written under its parent domain
A subdomain can write cookies to its parent domain, but not the other way round
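Both runs follow from the domain-match check browsers apply when storing and sending cookies (RFC 6265, section 5.1.3). The following is an added example, not code from the original post: a simplified JavaScript model of the cookie jar that replays setcookie.jsp from each host. The function names are hypothetical, and the model ignores Path, Secure and the public-suffix check.

```javascript
// Added illustration: simplified model of RFC 6265 cookie storage and lookup.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// host domain-matches domain if they are identical, or if host is a
// name (not an IP address) that ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Returns true if the browser would store the cookie.
function setCookie(jar, requestHost, name, domainAttr) {
  if (domainAttr === undefined) {
    // No Domain attribute: host-only cookie, sent back to this exact host only
    jar.push({ name, domain: requestHost.toLowerCase(), hostOnly: true });
    return true;
  }
  // A response may only set a Domain that its own host domain-matches
  if (!domainMatches(requestHost, domainAttr)) return false;
  jar.push({ name, domain: domainAttr.toLowerCase().replace(/^\./, ""), hostOnly: false });
  return true;
}

// Names of the cookies the browser would send to `host`.
function visibleCookies(jar, host) {
  const h = host.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? c.domain === h : domainMatches(h, c.domain)))
    .map((c) => c.name)
    .sort();
}

// Mirrors the four addCookie() calls in setcookie.jsp.
function runSetCookieJsp(requestHost) {
  const jar = [];
  setCookie(jar, requestHost, "orderCookie", "order.guokecheng.com");
  setCookie(jar, requestHost, "memberCookie", "member.guokecheng.com");
  setCookie(jar, requestHost, "rootCookie", "guokecheng.com");
  setCookie(jar, requestHost, "commonCookie", undefined);
  return jar;
}

const hosts = ["localhost", "127.0.0.1", "192.168.11.192",
  "guokecheng.com", "order.guokecheng.com", "member.guokecheng.com"];
for (const origin of ["guokecheng.com", "order.guokecheng.com"]) {
  const jar = runSetCookieJsp(origin);
  for (const h of hosts) console.log(`set on ${origin}, read on ${h}:`, visibleCookies(jar, h).join(",") || "(none)");
}
```

In both runs memberCookie is never stored, and when the page is served from guokecheng.com orderCookie is dropped as well, because the serving host does not domain-match the requested Domain.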
Appendix: for domain validation, there is a validation function here.
