duanjiaonie6097 2019-03-10 06:39

Can I specify and set an HTTP-only cookie for another domain?

Say I have a service that has two domains

app.myapp.com
api.myapp.com

My app does the whole OAuth/OpenID flow.

app.myapp.com/oauth
app.myapp.com/oauth/callback

In the /callback I set the accessToken as an http-only cookie on the current domain (app.myapp.com).

I have an assortment of microservices that live on api.myapp.com, all of which require an accessToken to work.

In the /callback stage of the OAuth flow, can I specify the other domain in my http-only cookie?

I am using Go + Gin

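c.SetCookie(
    "accessToken", // name
    accessToken,   // value
    3600,          // maxAge, in seconds
    "/",           // path
    "",            // domain: empty scopes the cookie to the current host only
    false,         // secure
    true,          // httpOnly
)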

1 answer

  • doze79040 2019-03-10 16:44

    Well, it depends. In general, no, you cannot set cookies for a different domain.

    But you can set cookies for all subdomains of a domain you "control" (read RFC 6265 and publicsuffix.org for details) by setting the Domain attribute of a cookie.

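The scoping rule from the answer above, as an added example that is not part of the original question or answer: it uses Go's standard net/http/cookiejar as a stand-in for a browser and checks which hosts receive an accessToken cookie set by app.myapp.com under three Domain values. Assumptions: the token value and blog.myapp.com are constructed, and the jar is created without a public suffix list, so only the domain-match rule is exercised.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// newTokenCookie builds the cookie the /callback handler would set.
// The token value is a constructed placeholder.
func newTokenCookie(domainAttr string) *http.Cookie {
	return &http.Cookie{
		Name:     "accessToken",
		Value:    "constructed-sample-token",
		Path:     "/",
		Domain:   domainAttr, // "" means host-only
		MaxAge:   3600,
		Secure:   true,
		HttpOnly: true,
	}
}

// sentTo reports whether a cookie set by setHost with the given Domain
// attribute would be attached to a later HTTPS request to reqHost.
func sentTo(setHost, domainAttr, reqHost string) bool {
	jar, err := cookiejar.New(nil) // nil: no public suffix list (demo only)
	if err != nil {
		return false
	}
	setURL := &url.URL{Scheme: "https", Host: setHost, Path: "/oauth/callback"}
	reqURL := &url.URL{Scheme: "https", Host: reqHost, Path: "/"}
	// The jar silently drops cookies whose Domain does not match setHost.
	jar.SetCookies(setURL, []*http.Cookie{newTokenCookie(domainAttr)})
	for _, c := range jar.Cookies(reqURL) {
		if c.Name == "accessToken" {
			return true
		}
	}
	return false
}

func main() {
	const app, api = "app.myapp.com", "api.myapp.com"
	for _, d := range []string{"", api, "myapp.com"} {
		fmt.Printf("Domain=%q -> app:%v api:%v other:%v\n", d,
			sentTo(app, d, app), sentTo(app, d, api), sentTo(app, d, "blog.myapp.com"))
	}
}
```

In the question's Gin call the fifth argument of c.SetCookie is the Domain attribute, so the third case corresponds to passing "myapp.com" there. That cookie is then sent to every subdomain of myapp.com, not only api.myapp.com, so each of those hosts has to be trusted with the token.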