ColdFusion 10 CFCookie 不尊重域属性 [英] ColdFusion 10 CFCookie not honoring domain attribute
问题描述
我有一个具有以下设置的 Application.cfc:
I have an Application.cfc with the following settings:
<cfset THIS.Name = "Test01" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan(1,0,0,0) />
<cfset THIS.sessionTimeout = CreateTimeSpan(1,0,0,0) />
<cfset THIS.clientManagement = false />
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = false />
<cfset THIS.setDomainCookies = false />
我尝试发送以下 cookie:
And I attempted to send the following cookies:
<cfcookie name="CFID" value="#session.CFID#" domain=".test01.domain.net" path="/" expires="never">
<cfcookie name="CFTOKEN" value="#session.CFTOKEN#" domain=".test01.domain.net" path="/" expires="never">
但是,发送到浏览器的是:
However, what gets sent to the browser is:
Set-Cookie: CFID=6389; Domain=.domain.net; Expires=Fri, 12-Jun-2043 22:14:17 GMT; Path=/; HttpOnly:
Set-Cookie: CFTOKEN=783fa62afecfd571%2DB1069303%2D3048%2D3344%2DAA97ADAF73598FA6; Domain=.domain.net; Expires=Fri, 12-Jun-2043 22:14:17 GMT; Path=/; HttpOnly
无论我在域或路径中输入什么值,它总是发送相同的标头.如果我尝试使用 cfheader
它只会发送任何内容.我唯一可以让它发送没有域值的 cookie 头的方法是将 SetClientCookies
设置为 true:
No matter what values I put in domain or path, it always sends those same headers. If I try to use cfheader
it simply sends nothing. The only time I can get it to send cookie headers without a domain value is by setting SetClientCookies
to true:
Set-Cookie: CFID=6391; Expires=Fri, 12-Jun-2043 22:21:38 GMT; Path=/; HttpOnly
但是,我不能再通过使用 StructDelete
或 CFCookie
来删除 cookie,并且属性现在过期(实际上它会创建第二组 cookie).
However I can no longer get rid of the cookies by using StructDelete
nor CFCookie
with the attributes expires now (in fact it creates a second set of cookies).
我的主要目标是简单地发送没有域的 CFID 和 CFTOKEN cookie(或者至少没有前导句点,例如 test01.domain.net)
My main goal is to simply send CFID and CFTOKEN cookies without a domain (or at the very least without a leading period, e.g. test01.domain.net)
推荐答案
感谢Henry,通过仔细查看使用
Thanks to Henry I took a look at using cfheaders again by having a closer look at the headers sent by CF10 when using <cfset this.SetClientCookies = true>
. CF10 omitted the domain value in the header sent to the browser so I copied the header CF10 sent and put it in a cfheader:
<cfheader name="Set-Cookie" value="CFID=#session.CFID#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/">
<cfheader name="Set-Cookie" value="CFToken=#session.CFToken#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/">
Lo' 并看到浏览器收到了 cookie,但没有带前导句点的域值.我还设法使用以下代码使这些 cookie 过期:
Lo' and behold the browser received the cookie without the domain value having a leading period. I also managed to expire those cookies with the following code:
<cfheader name="Set-Cookie" value="CFID=#session.CFID#; Expires=#GetHttpTimeString(Now()-1)#; Path=/">
<cfheader name="Set-Cookie" value="CFToken=#session.CFToken#; Expires=#GetHttpTimeString(Now()-1)#; Path=/">
<cfset StructClear(session)>
<cflocation url="/" addtoken="no">
似乎唯一的怪癖是,在 Chrome 中使用 url 变量测试该代码块时,Chrome 只需在地址栏中键入 ?ResetSen
就会发出 HTTP 请求,导致当我按 Enter 时的第二个请求.这会导致异常情况,例如跳过 CFID (7249 -> 7251) 或仅发送两组 cookie(过期:无限期和过期:现在).
The only quirk it seems that while testing out that block of code using a url variable in Chrome, Chrome would send out a HTTP request when simply typing ?ResetSen
in the address bar causing a second request when I hit enter. This would lead to oddities such as skipping a CFID (7249 -> 7251) or just sending out both sets of cookies (expire: indefinite and expires: now).
没关系,真正的问题似乎是过期时间没有过去(同一秒内有两个请求),我将那部分更改为 #GetHttpTimeString(Now()-1)#
这是一个过去的一天,这似乎是成立的.
Nevermind, the real issue seems to be the expiry time not elapsing (two requests in the same second), I changed that portion to #GetHttpTimeString(Now()-1)#
which is one day in the past and that seems to holding up.
原来是这样的:
<cfheader name="Set-Cookie" value="CFID=#session.CFID#; Domain=test01.domain.net;Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/">
<cfheader name="Set-Cookie" value="CFToken=#session.CFToken#; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/">
发送这个:
Set-Cookie: CFID=7191; Domain=test01.domain.net; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/
Set-Cookie: CFToken=33b984d7a56f6356-0B97F3CF-3048-3344-AABF2B698F4B8B02; Domain=test01.domain.net; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/
浏览器接收到的 .test01.domain.net
是我想要避免的.
Which the browser receives as .test01.domain.net
which is what I wanted to avoid.
这篇关于ColdFusion 10 CFCookie 不尊重域属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!