Web Front-end
JS Tutorial
An explanation of the solution to cookie loss in ajax cross-domain access
An explanation of the solution to cookie loss in ajax cross-domain access
Ajax cross-domain access can be achieved using the jsonp method or setting Access-Control-Allow-Origin. Regarding setting Access-Control-Allow-Origin to achieve cross-domain access, you can refer to the article I wrote before "ajax setting Access-Control- Allow-Origin realizes cross-domain access》
1.ajax cross-domain access, cookie loss
First create two test domain names
a.fdipzone .com As the client domain name
b.fdipzone.com As the server domain name
Test code
setcookie.php Used to set server cookies
<?phpsetcookie('data', time(), time()+3600);?>
server.php Used to be requested by the client
<?php$name = isset($_POST['name'])? $_POST['name'] : '';$ret = array( 'success' => true, 'name' => $name, 'cookie' => isset($_COOKIE['data'])? $_COOKIE['data'] : '');// 指定允许其他域名访问header('Access-Control-Allow-Origin:http://a.fdipzone.com');// 响应类型header('Access-Control-Allow-Methods:POST'); // 响应头设置header('Access-Control-Allow-Headers:x-requested-with,content-type'); header('content-type:application/json');echo json_encode($ret);?>
test.html Client request page
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<title> ajax 跨域访问cookie丢失的解决方法 </title>
</head>
<body>
<script type="text/javascript">
$(function(){
$.ajax({
url: 'http://b.fdipzone.com/server.php', // 跨域
dataType: 'json',
type: 'post',
data: {'name':'fdipzone'},
success:function(ret){
if(ret['success']==true){
alert('cookie:' + ret['cookie']);
}
}
});
}) </script>
</body></html>First execute http://b.fdipzone.com/setcookie.php to create a server-side cookie .
Then execute http://a.fdipzone.com/test.html
Output
{"success":true,"name":"fdipzone","cookie":""}Failed to obtain cookies.
2. Solution
Client
Set the withCredentials attribute to # when requesting ##true Enables you to specify that credentials should be sent for a certain request. If the server receives a request with credentials, it will respond with the following HTTP headers.
Server Set header
header("Access-Control-Allow-Credentials:true");
test.html Modify as follows
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<title> ajax 跨域访问cookie丢失的解决方法 </title>
</head>
<body>
<script type="text/javascript">
$(function(){
$.ajax({
url: 'http://b.fdipzone.com/server.php', // 跨域
xhrFields:{withCredentials: true}, // 发送凭据
dataType: 'json',
type: 'post',
data: {'name':'fdipzone'},
success:function(ret){
if(ret['success']==true){
alert('cookie:' + ret['cookie']);
}
}
});
}) </script>
</body></html>server.php Modify as follows
<?php$name = isset($_POST['name'])? $_POST['name'] : '';$ret = array( 'success' => true, 'name' => $name, 'cookie' => isset($_COOKIE['data'])? $_COOKIE['data'] : '');// 指定允许其他域名访问header('Access-Control-Allow-Origin:http://a.fdipzone.com');// 响应类型header('Access-Control-Allow-Methods:POST'); // 响应头设置header('Access-Control-Allow-Headers:x-requested-with,content-type');// 是否允许请求带有验证信息header('Access-Control-Allow-Credentials:true'); header('content-type:application/json');echo json_encode($ret);?>
{"success":true,"name":"fdipzone","cookie":"1484558863"}3. Notes
1. If the client sets the withCredentials attribute to true, but the server does not set Access-Control-Allow-Credentials :true, an error will be returned when requesting.XMLHttpRequest cannot load http://b.fdipzone.com/server.php. Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://a.fdipzone.com' is therefore not allowed access.
XMLHttpRequest cannot load http://b.fdipzone.com/server.php. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://a.fdipzone.com' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
Explanation on the calculation method of key_len in mysql explain
How to use curl to simulate ip and Source access
#Convert NULL data through mysql method
The above is the detailed content of An explanation of the solution to cookie loss in ajax cross-domain access. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to solve the 403 error encountered by jQuery AJAX request
Feb 20, 2024 am 10:07 AM
Title: Methods and code examples to resolve 403 errors in jQuery AJAX requests. The 403 error refers to a request that the server prohibits access to a resource. This error usually occurs because the request lacks permissions or is rejected by the server. When making jQueryAJAX requests, you sometimes encounter this situation. This article will introduce how to solve this problem and provide code examples. Solution: Check permissions: First ensure that the requested URL address is correct and verify that you have sufficient permissions to access the resource.
PHP and Ajax: Building an autocomplete suggestion engine
Jun 02, 2024 pm 08:39 PM
Build an autocomplete suggestion engine using PHP and Ajax: Server-side script: handles Ajax requests and returns suggestions (autocomplete.php). Client script: Send Ajax request and display suggestions (autocomplete.js). Practical case: Include script in HTML page and specify search-input element identifier.
How to solve jQuery AJAX request 403 error
Feb 19, 2024 pm 05:55 PM
jQuery is a popular JavaScript library used to simplify client-side development. AJAX is a technology that sends asynchronous requests and interacts with the server without reloading the entire web page. However, when using jQuery to make AJAX requests, you sometimes encounter 403 errors. 403 errors are usually server-denied access errors, possibly due to security policy or permission issues. In this article, we will discuss how to resolve jQueryAJAX request encountering 403 error
How to solve the problem of jQuery AJAX error 403?
Feb 23, 2024 pm 04:27 PM
How to solve the problem of jQueryAJAX error 403? When developing web applications, jQuery is often used to send asynchronous requests. However, sometimes you may encounter error code 403 when using jQueryAJAX, indicating that access is forbidden by the server. This is usually caused by server-side security settings, but there are ways to work around it. This article will introduce how to solve the problem of jQueryAJAX error 403 and provide specific code examples. 1. to make
How to get variables from PHP method using Ajax?
Mar 09, 2024 pm 05:36 PM
Using Ajax to obtain variables from PHP methods is a common scenario in web development. Through Ajax, the page can be dynamically obtained without refreshing the data. In this article, we will introduce how to use Ajax to get variables from PHP methods, and provide specific code examples. First, we need to write a PHP file to handle the Ajax request and return the required variables. Here is sample code for a simple PHP file getData.php:
PHP vs. Ajax: Solutions for creating dynamically loaded content
Jun 06, 2024 pm 01:12 PM
Ajax (Asynchronous JavaScript and XML) allows adding dynamic content without reloading the page. Using PHP and Ajax, you can dynamically load a product list: HTML creates a page with a container element, and the Ajax request adds the data to that element after loading it. JavaScript uses Ajax to send a request to the server through XMLHttpRequest to obtain product data in JSON format from the server. PHP uses MySQL to query product data from the database and encode it into JSON format. JavaScript parses the JSON data and displays it in the page container. Clicking the button triggers an Ajax request to load the product list.
PHP and Ajax: Ways to Improve Ajax Security
Jun 01, 2024 am 09:34 AM
In order to improve Ajax security, there are several methods: CSRF protection: generate a token and send it to the client, add it to the server side in the request for verification. XSS protection: Use htmlspecialchars() to filter input to prevent malicious script injection. Content-Security-Policy header: Restrict the loading of malicious resources and specify the sources from which scripts and style sheets are allowed to be loaded. Validate server-side input: Validate input received from Ajax requests to prevent attackers from exploiting input vulnerabilities. Use secure Ajax libraries: Take advantage of automatic CSRF protection modules provided by libraries such as jQuery.
What are the ajax versions?
Nov 22, 2023 pm 02:00 PM
Ajax is not a specific version, but a technology that uses a collection of technologies to asynchronously load and update web page content. Ajax does not have a specific version number, but there are some variations or extensions of ajax: 1. jQuery AJAX; 2. Axios; 3. Fetch API; 4. JSONP; 5. XMLHttpRequest Level 2; 6. WebSockets; 7. Server-Sent Events; 8, GraphQL, etc.
