js脚本ajax请求

news.xxx.com 请求www.xxx.com获取登录状态信息

$.ajax({
             type: "GET",
             url: 'http://www.xxx.com/index.php?m=member&'+Math.random(),
             data: {},
             dataType: "Html",
             xhrFields: {
                withCredentials: true//为真而执行跨域名请求

             },
             success: function(html){//返回登录信息
                 $('ul.topmenu').html(html);
             }
         });


php服务器端

$allow_origin=array('news.xxx.com','m.xxx.com');

$origin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : ''; //来源网址
        if(in_array($origin.'/', $allow_origin)){
            header('Access-Control-Allow-Origin:'.$origin);  //允许的域名           

            header('Access-Control-Allow-Credentials:true');//是否允许请求带有验证信息

 }