Single sign-on stores a token in a cookie, but cookies cannot cross domains?

Time:09-22





If the two subsystems are on different domain names, this is no use.

CodePudding user response:


It does not have to be cookies. You can add a header carrying the token to the request and response, but in that case the back-end cross-domain settings must allow the header that carries the token; otherwise the custom header is intercepted and that is the end of it.

CodePudding user response:


Drop the cookies and pass the token in the header; a server-side interceptor then checks whether the token is correct. It is not secure, but cookies are similar.

CodePudding user response:


Cookies can cross domains. `XMLHttpRequest` has an attribute for this: `withCredentials`, and `fetch` also has a property: `credentials`.
On the server side, `allowCredentials` must be set to true.
And the key point: if you need the client to submit credentials (cookies), the AllowedOrigin header cannot be `*`.
Its value must be compatible with the current origin.
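
The server-side rule from the replies above (allow the custom token header, allow credentials, never answer `*`), as an added example that is not part of the original thread. The origins and the `X-Auth-Token` header name are hypothetical; `corsHeaders` is an illustrative helper, not a framework API.

```javascript
// Constructed allowlist: the exact origins of the subsystems that may call the SSO API.
const ALLOWED_ORIGINS = new Set([
  "https://app1.example.com",
  "https://app2.example.org",
]);
const ALLOWED_METHODS = ["GET", "POST"];
// Request headers the browser may send cross-origin (hypothetical token header included).
const ALLOWED_HEADERS = ["content-type", "x-auth-token"];

// Returns the CORS response headers for one request, or null to send none
// (the browser then blocks the cross-origin read). reqHeaders uses lowercase keys.
function corsHeaders(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  // Exact-match allowlist: with credentials allowed, "*" is rejected by the browser,
  // and blindly echoing any Origin would let every site read authenticated responses.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;

  const headers = {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving one origin's answer to another
  };

  const wantedMethod = reqHeaders["access-control-request-method"];
  if (method === "OPTIONS" && wantedMethod) {
    // Preflight: sent before any request that carries a custom header.
    if (!ALLOWED_METHODS.includes(wantedMethod)) return null;
    const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
      .split(",")
      .map((h) => h.trim().toLowerCase())
      .filter(Boolean);
    if (!wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h))) return null;
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }
  return headers;
}

// Matching client call (browser side):
//   fetch(url, { credentials: "include", headers: { "X-Auth-Token": token } })
```

For the browser to attach a cookie to such a cross-site request, the cookie itself must also be set with `SameSite=None; Secure`.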

CodePudding user response:


Generally, HTTP headers or cookies are used. With cookies there are several ways: one is to set the cross-domain properties as the poster above described, another is a redirect. If you use headers, I suggest passing four fields: a random number or UUID, the time, the user name, and a signature (a digital signature over the first three plus a password), with the digital signature computed using an irreversible algorithm.

CodePudding user response:


I didn't solve the cross-domain cookie problem either. In the end I wrote the generated ticket into a cookie on the SSO server. It's not safe, but at authentication time the ticket can be taken out of the SSO server smoothly.

CodePudding user response:

You can keep the cookie on the top-level domain, so that this domain name can get the cookie.