我在跨域方案中运行。 在登录期间，远程服务器返回Set-Cookie标头以及设置为true的Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *。

对远程服务器的下一个ajax调用应该使用此cookie。

CORS的Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *允许跨域日志记录。 有关示例，请查看[https://developer.mozilla.org/En/HTTP_access_control]。

对我来说，它似乎是JQuery中的一个错误(或者至少是下一版本中的功能)。

更新：

不会自动从AJAX响应中设置Cookie(引用：[http://aleembawany.com/2006/11/14/anatomy-of-a-well-designed-ajax-login-experience/)]

为什么？

您无法从响应中获取cookie的值以手动设置([http://www.w3.org/TR/XMLHttpRequest/#dom-xmlhttprequest-getresponseheader)]

我糊涂了..

应该有一种方法可以要求Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *设置XMLHttpRequest.withCredentials = "true"参数。

回答：您应该使用[http://api.jquery.com/jQuery.ajax/]的Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *参数

文档中的示例是：

$.ajax({

url: a_cross_domain_url,

xhrFields: {

withCredentials: true

}

});

服务器正确回答此请求也很重要。 在这里复制@Frédéric和@Pebbl的精彩评论：

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *

所以当请求是：

Origin: http://foo.example

Cookie: pageAccess=2

服务器应该响应：

Access-Control-Allow-Origin: http://foo.example

Access-Control-Allow-Credentials: true

[payload]

否则，有效负载将不会返回到脚本。 请参阅：[https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials]