Cookie cross-domain operation seems to be a simple problem, because you only need to specify the Domain attribute as the root domain name of the specified website.
However, the author encountered some problems during actual use, which is indeed worth noting.
Environment introduction
Cookie in www main domain name Create it under and write the Domain attribute, such as: (For the convenience of debugging, the following codes are all asp codes)
Code:
Write.asp
<%
Response.Cookies(CookieName)("UserName") = "SunBird"
Response.Cookies(CookieName)("Password") = "xyz1234"
Response.Cookies(CookieName).Domain = "xxxx.com"
%>
Code
for reading cookies is placed in the same directory
:Read.asp
<%
Response.Write Request.Cookies(CookieName)("UserName")
Response.Write Request.Cookies(CookieName)("Password")
%>
Then put a Read.asp file into another subdomain site, with the same code as above.
Finally, we make another Clear.asp to clear cookies and place it under the main domain name.
Code:
Clear.asp
<%
Response.Cookies(CookieName)("UserName") = ""
Response.Cookies(CookieName)("Password") = ""
Response.Cookies(CookieName).Domain = "xxxx.com"
%>
Now you can test it through the following execution sequence, Write.asp-->Read.asp of the main domain name-->Read.asp of the subdomain name. All Read.asp pages can read the value of the cookie created by Write.asp and then Run Clear.asp again to clear it, everything is OK, and there seems to be no problem.
But there are problems when applying this method to actual sites.
Problem description:
Everything is ok when logging in for the first time. All subdomain names can access the cookies stored in the main domain name. However, once you log out, the cookies of the subdomain names are cleared, but the cookies of the main domain name are still retained. After forcibly clearing the cookies of the main domain name , no matter how you log in to the main domain name, cookies cannot be saved unless you close the browser and reopen it.
After many attempts, I accidentally discovered the problem. The following is the test process.
Create a Write2.asp page and place it under the main domain name
<%
Response.Cookies(CookieName)("TEST_COOKIE") = "TEST_COOKIE"
%>
Step 1: After closing the browser, execute in the following order: Write.asp-->Read.asp of the main domain name-->Read.asp of the sub-domain name. Here all Read.asp reads normally.
Step 2: Clear.asp-->Read.asp of the main domain name-->Read.asp of the subdomain name The clearing operation is successful here.
Step 3: Write.asp --> Write2.asp --> Main domain name Read.asp --> Subdomain name Read.asp At this point, both Read.asp can read the cookie value.
Step 4: Re-execute step 2 and find that the main domain name Read.asp still outputs the value, while the value of Read.asp under the subdomain name has been cleared.
Based on the above test, we summarize the following points that you need to pay attention to when using cookies across domains:
1. When you have a Cookie group (or Cookie dictionary) and use the Domain attribute to specify the domain name, when you modify or add new members to the group When adding, be sure to add the Resonse.Cookies(CookieName).Domain attribute after the operation.
2. If it is not necessary, please do not modify the cookie group for which the domain has been set, and directly use Response.Cookies("CookieText") = CookieValue to create a new cookie.