Feb
27
为解决Chrome引发的cross site cookes问题:SameSite=None; Secure
这个问题,我调查了很久记录一下。分享给有缘人。
首先看看SameSite=None; Secure设置方法:
php新版本可以直接在setcookie中设置,这里只发老版本:
header("Set-Cookie: $cookie_name=$zhoz_code; SameSite=None; Secure");
Js:
//set cookies
function setCookie(name,value) {
var Days = 30;
var exp = new Date();
var topDomain = getTopDomain();
exp.setTime(exp.getTime() + Days*24*60*60*1000);
// document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString() + "; domain=" + topDomain + ";path=/";
document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString() + "; domain=" + topDomain + ";path=/;SameSite=None;Secure";
}
附加一下Js高级写法,js变量传给php,看不懂就算了。
var search = window.location.search;
var js_sid = getParamString('sid', search);
var xmlHttp;
if (typeof(js_sid) != "undefined" && js_sid != '') {
xmlHttp=new XMLHttpRequest();
if (xmlHttp!=null) {
var url="=HOST_URL ?>/zhoz_track.php?acode==$acode ?>&js_sid="+js_sid+"&r=" + Math.round(Math.random() * 10000);
var new_element=document.createElement('script');
new_element.setAttribute('type','text/javascript');
new_element.setAttribute('src',url);
document.body.appendChild(new_element);
}
}
首先看看SameSite=None; Secure设置方法:
php新版本可以直接在setcookie中设置,这里只发老版本:
header("Set-Cookie: $cookie_name=$zhoz_code; SameSite=None; Secure");
Js:
//set cookies
function setCookie(name,value) {
var Days = 30;
var exp = new Date();
var topDomain = getTopDomain();
exp.setTime(exp.getTime() + Days*24*60*60*1000);
// document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString() + "; domain=" + topDomain + ";path=/";
document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString() + "; domain=" + topDomain + ";path=/;SameSite=None;Secure";
}
附加一下Js高级写法,js变量传给php,看不懂就算了。
var search = window.location.search;
var js_sid = getParamString('sid', search);
var xmlHttp;
if (typeof(js_sid) != "undefined" && js_sid != '') {
xmlHttp=new XMLHttpRequest();
if (xmlHttp!=null) {
var url="=HOST_URL ?>/zhoz_track.php?acode==$acode ?>&js_sid="+js_sid+"&r=" + Math.round(Math.random() * 10000);
var new_element=document.createElement('script');
new_element.setAttribute('type','text/javascript');
new_element.setAttribute('src',url);
document.body.appendChild(new_element);
}
}
作者:zhoz@Everyday NetLog
地址:http://log.zhoz.com/read.php?806
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!