 

Cross domain login check?

I have a bookmarklet. If I open a random page (not mine) and click the bookmarklet, I would like to check if the user is logged in on my page.

I am already doing a cross-domain AJAX request using Access-Control-Allow-Origin, but it looks like no session ID or cookie is sent here.

Is there a way to do this?

PiTheNumber asked Dec 08 '11 17:12




2 Answers

Alex is right! Here is the full solution. (It does not work with IE8 and IE9!)

You need to set withCredentials on the client side. Since jQuery 1.5.1 you can do it as shown below (Source). For older versions, follow the white rabbit.

$.ajax({
   url: a_cross_domain_url,
   xhrFields: {
      withCredentials: true
   }
});

On the server side you have to allow setting options, allow the credentials and allow the origin. Wildcard origin is not allowed! But you can read out the origin from the request header :)

// Adapt Access-Control-Allow-Origin to the Origin sent in the request header.
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
    if ($header == 'Origin')
        header('Access-Control-Allow-Origin: ' . $value, true);
}
// Let the browser send cookies with the cross-domain request.
header('Access-Control-Allow-Credentials: true', true);
// Allow the GET, POST and OPTIONS methods.
header('Access-Control-Allow-Methods: GET, POST, OPTIONS', true);

PiTheNumber answered Oct 03 '22 13:10
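
The server-side snippet in the answer above echoes whatever Origin it receives together with Access-Control-Allow-Credentials: true, so any site the logged-in user visits can read the authenticated response. The following is an added example, not part of either answer, of the same login-check endpoint limited to a well-formed (optionally allowlisted) origin, read-only methods and a boolean-only body; the function names, the allowlist entry and the `user_id` session key are assumptions.

```php
<?php
// Added example (not from the original answers). Function names, the
// allowlist entry and the 'user_id' session key are hypothetical.

// Origins allowed to read credentialed responses. Leave empty to accept any
// well-formed origin (the bookmarklet case); the endpoint must then expose
// nothing beyond the boolean returned below.
const ALLOWED_ORIGINS = ['https://app.example.com'];

function cors_headers(string $origin, array $allowed): array
{
    // An Origin is scheme://host[:port] only; reject "null", paths, CR/LF.
    if (!preg_match('#^https?://[a-z0-9.-]+(:\d{1,5})?\z#i', $origin)) {
        return ['Vary: Origin'];
    }
    if ($allowed !== [] && !in_array($origin, $allowed, true)) {
        return ['Vary: Origin'];
    }
    return [
        'Vary: Origin',                       // keep caches from mixing origins
        'Access-Control-Allow-Origin: ' . $origin,
        'Access-Control-Allow-Credentials: true',
        'Access-Control-Allow-Methods: GET, OPTIONS',
    ];
}

function handle_login_check(): void
{
    foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? '', ALLOWED_ORIGINS) as $h) {
        header($h, true);
    }
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    if ($method === 'OPTIONS') {              // preflight: headers only
        http_response_code(204);
        return;
    }
    if ($method !== 'GET') {                  // read-only endpoint
        http_response_code(405);
        return;
    }
    session_start();
    header('Content-Type: application/json');
    // Only a boolean leaves the server: no user id, name or token.
    echo json_encode(['loggedIn' => isset($_SESSION['user_id'])]);
}

handle_login_check();
```

In current browsers the session cookie must also be set with SameSite=None; Secure before it is sent on a cross-site request like this one.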


You have to set the credentials flag to true and also the header Access-Control-Allow-Credentials.

See also here: Firefox: Cross-domain requests with credentials return empty

Alex answered Oct 03 '22 11:10