Cookies如何与域,路径和覆盖一起使用? [英] How do cookies work with domains, paths and overriding?
问题描述
我一直在阅读浏览器cookie域如何工作?和RFC,它回答了我有关cookie的许多问题.尽管不是全部(尽管我确信答案在RFC中,但我仍无法正确解析它).我还有其他问题,将以与上述问题相同的格式提出.
I have been reading through How do browser cookie domains work? and the RFC at and it answered many of my questions about cookies. Not all of them though (though I'm sure the answer is in the RFC, I haven't been able to properly parse it). I have some more questions, which I will pose in the same format as the above question.
-
www.example.com/path是否可以使用www.example.com的cookie? -
www.example.com是否可以使用example.com/path的cookie? -
www.example.com应该能够为www.example.com/path设置cookie吗? -
www.example.com/path的cookie是否可用于www.example.com? -
www.example.com/path应该能够为www.example.com设置cookie吗? - 如果为包含
foo = bar的www.example.com设置了cookie,然后为example.com 包含foo = baz的example.com应该发送给前者,还是发送给后者?或两者都发送? - 如果为
www.example.com设置了包含一天之内到期的foo = bar的cookie,则包含foo = baz 的cookie设置为将在15分钟后过期的code>,后者的cookie过期后是否应该发送前者的cookie?
- should a cookie for
www.example.combe available towww.example.com/path? - should a cookie for
example.com/pathbe available forwww.example.com? - should
www.example.combe able to set a cookie forwww.example.com/path? - should a cookie for
www.example.com/pathbe available towww.example.com? - should
www.example.com/pathbe able to set a cookie forwww.example.com? - if a cookie is set for
www.example.comcontainingfoo=bar, and after that a cookie is set forexample.comcontainingfoo=bazshouldexample.combe sent the former, or the latter or both? - if a cookie is set for
www.example.comcontainingfoo=barthat expires in a day, then a cookie containingfoo=bazis set that will expire in 15 minutes, should after the latter cookie expires the former cookie be sent?
再编辑一次:
- 如果为包含
foo = bar的www.example.com设置了cookie,然后为example.com 包含foo = baz应当发送www.example.com哪些cookie?
- if a cookie is set for
www.example.comcontainingfoo=bar, and after that a cookie is set forexample.comcontainingfoo=bazwhat cookie shouldwww.example.combe sent?
还解决了第二种情况
推荐答案
-
www.example.com/path是否可以使用www.example.com的cookie? - should a cookie for
www.example.combe available towww.example.com/path? -
www.example.com是否可以使用example.com/path的cookie? - should a cookie for
example.com/pathbe available forwww.example.com? -
www.example.com应该能够为www.example.com/path设置cookie吗? - should
www.example.combe able to set a cookie forwww.example.com/path? -
www.example.com/path的cookie是否可用于www.example.com? - should a cookie for
www.example.com/pathbe available towww.example.com? -
www.example.com/path应该能够为www.example.com设置cookie吗? - should
www.example.com/pathbe able to set a cookie forwww.example.com? - 如果为包含
foo = bar的www.example.com设置了cookie,然后为example.com 包含foo = baz的example.com应该发送给前者,还是发送给后者?或两者都发送? - if a cookie is set for
www.example.comcontainingfoo=bar, and after that a cookie is set forexample.comcontainingfoo=bazshouldexample.combe sent the former, or the latter or both? - 如果为
www.example.com设置了包含一天之内到期的foo = bar的cookie,则包含foo = baz 的cookie设置为将在15分钟后过期的code>,后者的cookie过期后是否应该发送前者的cookie? - if a cookie is set for
www.example.comcontainingfoo=barthat expires in a day, then a cookie containingfoo=bazis set that will expire in 15 minutes, should after the latter cookie expires the former cookie be sent? - 如果为包含foo = bar的www.example.com设置了一个cookie,然后为包含foo = baz的example.com设置了cookie,则应该向www.example.com发送哪个cookie?
是
否
(是)很有可能(Cookie Path不是安全功能)
(Yes) Most likely (Cookie Path is not a security feature)
(否)该Cookie不会发送到 www.example.com ,但是 www.example.com 可以包含可通过iframe获取Cookie的JavaScript.同样,cookie路径也不是安全功能.
(No) The cookie will not be sent to www.example.com, but www.example.com can contain javascript that can fetch the cookie through an iframe. Again, cookie path is not a security feature.
是
后来,因为 example.com 无法访问 www.example.com 的cookie.
Latter, because example.com does not have access to www.example.com's cookies.
否,因为第二个Cookie会覆盖第一个Cookie.
No, because the second cookie will overwrite the first.
未指定的行为.(或连接在一起)似乎都有效.
Unspecified behaviour. Either or both (concatenated) seems to be valid.
添加了新问题的答案,更正了问题2并更改了答案.
Added answer to new question, corrected question 2 and changed answer.
这篇关于Cookies如何与域,路径和覆盖一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
