Cookies如何与域,路径和覆盖一起使用? [英] How do cookies work with domains, paths and overriding?
问题描述
我一直在阅读浏览器cookie域如何工作?和RFC,它回答了我有关cookie的许多问题.尽管不是全部(尽管我确信答案在RFC中,但我仍无法正确解析它).我还有其他问题,将以与上述问题相同的格式提出.
I have been reading through How do browser cookie domains work? and the RFC at and it answered many of my questions about cookies. Not all of them though (though I'm sure the answer is in the RFC, I haven't been able to properly parse it). I have some more questions, which I will pose in the same format as the above question.
-
www.example.com/path
是否可以使用www.example.com
的cookie? -
www.example.com
是否可以使用example.com/path
的cookie? -
www.example.com
应该能够为www.example.com/path
设置cookie吗? -
www.example.com/path
的cookie是否可用于www.example.com
? -
www.example.com/path
应该能够为www.example.com
设置cookie吗? - 如果为包含
foo = bar
的www.example.com
设置了cookie,然后为example.com
包含foo = baz
的example.com
应该发送给前者,还是发送给后者?或两者都发送? - 如果为
www.example.com
设置了包含一天之内到期的foo = bar
的cookie,则包含foo = baz 的cookie设置为将在15分钟后过期的code>,后者的cookie过期后是否应该发送前者的cookie?
- should a cookie for
www.example.com
be available towww.example.com/path
? - should a cookie for
example.com/path
be available forwww.example.com
? - should
www.example.com
be able to set a cookie forwww.example.com/path
? - should a cookie for
www.example.com/path
be available towww.example.com
? - should
www.example.com/path
be able to set a cookie forwww.example.com
? - if a cookie is set for
www.example.com
containingfoo=bar
, and after that a cookie is set forexample.com
containingfoo=baz
shouldexample.com
be sent the former, or the latter or both? - if a cookie is set for
www.example.com
containingfoo=bar
that expires in a day, then a cookie containingfoo=baz
is set that will expire in 15 minutes, should after the latter cookie expires the former cookie be sent?
再编辑一次:
- 如果为包含
foo = bar
的www.example.com
设置了cookie,然后为example.com
包含foo = baz
应当发送www.example.com
哪些cookie?
- if a cookie is set for
www.example.com
containingfoo=bar
, and after that a cookie is set forexample.com
containingfoo=baz
what cookie shouldwww.example.com
be sent?
还解决了第二种情况
推荐答案
-
www.example.com/path
是否可以使用www.example.com
的cookie? - should a cookie for
www.example.com
be available towww.example.com/path
? -
www.example.com
是否可以使用example.com/path
的cookie? - should a cookie for
example.com/path
be available forwww.example.com
? -
www.example.com
应该能够为www.example.com/path
设置cookie吗? - should
www.example.com
be able to set a cookie forwww.example.com/path
? -
www.example.com/path
的cookie是否可用于www.example.com
? - should a cookie for
www.example.com/path
be available towww.example.com
? -
www.example.com/path
应该能够为www.example.com
设置cookie吗? - should
www.example.com/path
be able to set a cookie forwww.example.com
? - 如果为包含
foo = bar
的www.example.com
设置了cookie,然后为example.com
包含foo = baz
的example.com
应该发送给前者,还是发送给后者?或两者都发送? - if a cookie is set for
www.example.com
containingfoo=bar
, and after that a cookie is set forexample.com
containingfoo=baz
shouldexample.com
be sent the former, or the latter or both? - 如果为
www.example.com
设置了包含一天之内到期的foo = bar
的cookie,则包含foo = baz 的cookie设置为将在15分钟后过期的code>,后者的cookie过期后是否应该发送前者的cookie?
- if a cookie is set for
www.example.com
containingfoo=bar
that expires in a day, then a cookie containingfoo=baz
is set that will expire in 15 minutes, should after the latter cookie expires the former cookie be sent? - 如果为包含foo = bar的www.example.com设置了一个cookie,然后为包含foo = baz的example.com设置了cookie,则应该向www.example.com发送哪个cookie?
是
否
(是)很有可能(Cookie Path不是安全功能)
(Yes) Most likely (Cookie Path is not a security feature)
(否)该Cookie不会发送到 www.example.com
,但是 www.example.com
可以包含可通过iframe获取Cookie的JavaScript.同样,cookie路径也不是安全功能.
(No) The cookie will not be sent to www.example.com
, but www.example.com
can contain javascript that can fetch the cookie through an iframe. Again, cookie path is not a security feature.
是
后来,因为 example.com
无法访问 www.example.com
的cookie.
Latter, because example.com
does not have access to www.example.com
's cookies.
否,因为第二个Cookie会覆盖第一个Cookie.
No, because the second cookie will overwrite the first.
未指定的行为.(或连接在一起)似乎都有效.
Unspecified behaviour. Either or both (concatenated) seems to be valid.
添加了新问题的答案,更正了问题2并更改了答案.
Added answer to new question, corrected question 2 and changed answer.
这篇关于Cookies如何与域,路径和覆盖一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!