How to design domain-crossing cookies in Asp

Recommended: How to use ASP to implement operations on ORACLE database
ASP (Active Server Pages) is one of the tools proposed by Microsoft to develop Internet applications. The connection between ASP and databases is generally achieved through ADO (Activex Data Object), just like "Computer World" on March 20, 2000 "Using ASP".

Introduction to Cookies

First of all, we give a brief introduction to cookies, explaining how to use ASP to maintain cookies.

A cookie is a small file stored on the client computer, which means that whenever a user visits your site, you can secretly place a file containing information on its hard drive. This file can contain almost any information you intend to set, including user information, site status, etc. In this way, there is a potential danger: this information may be read by hackers. To prevent this problem from happening, an effective way is that cookies can only be accessed by the domain where it was created. This means: For example, ytu.edu.cn can only access cookies created by ytu.edu.cn. Generally speaking, there is no problem with this; but what should I do if two different sites on two different domains need to share user information stored in cookies? Of course, you can choose to copy user information, but what if you need a user to register on one site and become a registered user of another site from the east? Or, two sites share a user database and require users to log in automatically? At this time, sharing cookies across the domain is the best solution.

Here, let’s first look at some ASP code for processing cookies so that it can be cited and referenced in the future.

Reading and writing cookies is very simple. The above code creates a cookie and sets attributes to the cookie: domain, expiration time, and some other values ​​stored in the cookie. Here, strUsename and strPassword are variables set somewhere in front. Then, read in the cookie through the following statement.

For more detailed information, please refer to the ASP information.

accomplish

The trick to simply sharing cookies is redirection, the general process is:

1. A user clicks siteA.com.

2. If the user does not have siteA.com cookies, redirect the user to siteB.com.

3. If the user has a siteB.com cookie, redirect the user back to siteA.com with a special logo (which will be explained below). Otherwise, redirect the user only to siteA.com.

4. Create cookies at siteA.com.

It seems simple, let's analyze it carefully: siteA.com and siteB.com share the same user settings. Therefore, if the user has a siteB.com cookie (already registered), siteA.com can also read the cookies and provide the features allowed by the cookies. In this way, users who visit siteA.com are like visiting siteB.com.

This checking process should be implemented in a cookies.inc included in the file in siteA.com. Let's take a look at this code:

If the user has a siteA.com cookie, there is no need to do anything; the first if statement is used to eliminate infinite loops. Let's take a look at the cookie.asp file on siteB.com for further understanding.

If the user still does not have a cookie on siteB.com, he will be sent back to siteA.com and let the application know that you have checked the cookie by providing a parameter called checkd in the query statement. Otherwise, send the user back to siteB.com and exit the loop.

However, if the user has a cookie for siteB.com, we need to send the user back to siteA.com and tell siteA.com. To do this, we attach a unique flag to the database, username. So, we extend the code in siteA.com.

Share: A brief analysis of the Debug class in ASP--VBScript
I don't know if friends who write code in ASP have the same feeling as me. The most troublesome thing in ASP is that it is inconvenient to debug programs. I think many friends may use this method "response.write" and then output relevant statements to see if it is.