ColdFusion 10 CFCookie不尊重域属性 [英] ColdFusion 10 CFCookie not honoring domain attribute

问题描述

我有一个Application.cfc具有以下设置：

I have an Application.cfc with the following settings:

<cfset THIS.Name = "Test01" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan(1,0,0,0) />
<cfset THIS.sessionTimeout = CreateTimeSpan(1,0,0,0) />
<cfset THIS.clientManagement = false />
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = false />
<cfset THIS.setDomainCookies = false />

我尝试发送以下Cookie：

And I attempted to send the following cookies:

<cfcookie name="CFID" value="#session.CFID#" domain=".test01.domain.net" path="/" expires="never">
<cfcookie name="CFTOKEN" value="#session.CFTOKEN#" domain=".test01.domain.net" path="/" expires="never">

但是，发送到浏览器的是：

However, what gets sent to the browser is:

Set-Cookie: CFID=6389; Domain=.domain.net; Expires=Fri, 12-Jun-2043 22:14:17 GMT; Path=/; HttpOnly:
Set-Cookie: CFTOKEN=783fa62afecfd571%2DB1069303%2D3048%2D3344%2DAA97ADAF73598FA6; Domain=.domain.net; Expires=Fri, 12-Jun-2043 22:14:17 GMT; Path=/; HttpOnly

无论我在域或路径中放置什么值，它总是发送那些相同的头。如果我尝试使用 cfheader ，它什么都不发送。我只能通过将 SetClientCookies 设置为true来获取它发送没有域值的cookie头：

No matter what values I put in domain or path, it always sends those same headers. If I try to use cfheader it simply sends nothing. The only time I can get it to send cookie headers without a domain value is by setting SetClientCookies to true:

Set-Cookie: CFID=6391; Expires=Fri, 12-Jun-2043 22:21:38 GMT; Path=/; HttpOnly

但是我不能再通过使用 / code>或 CFCookie 的属性过期（实际上它创建了第二组Cookie）。

However I can no longer get rid of the cookies by using StructDelete nor CFCookie with the attributes expires now (in fact it creates a second set of cookies).

我的主要目标是简单地发送CFID和没有域的CFTOKEN cookies（或者至少没有前导期，例如test01.domain.net）

My main goal is to simply send CFID and CFTOKEN cookies without a domain (or at the very least without a leading period, e.g. test01.domain.net)

推荐答案

感谢Henry我在使用< cfset this.SetClientCookies = true> 时，通过仔细观察CF10发送的头部， / code>。 CF10省略了发送到浏览器的头中的域值，所以我复制了CF10发送的头并将其放在cfheader中：

Thanks to Henry I took a look at using cfheaders again by having a closer look at the headers sent by CF10 when using <cfset this.SetClientCookies = true>. CF10 omitted the domain value in the header sent to the browser so I copied the header CF10 sent and put it in a cfheader:

<cfheader name="Set-Cookie"  value="CFID=#session.CFID#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/">
<cfheader name="Set-Cookie"  value="CFToken=#session.CFToken#; Expires=#GetHttpTimeString(DateAdd("yyyy", 40, Now()))#; Path=/">

Lo，并且看到浏览器收到的Cookie值没有领先的期间。我也设法使用以下代码过期这些cookie：

Lo' and behold the browser received the cookie without the domain value having a leading period. I also managed to expire those cookies with the following code:

<cfheader name="Set-Cookie"  value="CFID=#session.CFID#; Expires=#GetHttpTimeString(Now()-1)#; Path=/">
<cfheader name="Set-Cookie"  value="CFToken=#session.CFToken#; Expires=#GetHttpTimeString(Now()-1)#; Path=/">
<cfset StructClear(session)>
<cflocation url="/" addtoken="no">

唯一的怪癖似乎是在使用url变量测试代码块时Chrome浏览器会在地址栏中输入？ResetSen 时发出HTTP请求，当我按下Enter键时会发出第二个请求。这将导致怪异，例如跳过CFID（7249 - > 7251）或者只发送两组cookie（expire：indefinite and expires：now）。

The only quirk it seems that while testing out that block of code using a url variable in Chrome, Chrome would send out a HTTP request when simply typing ?ResetSen in the address bar causing a second request when I hit enter. This would lead to oddities such as skipping a CFID (7249 -> 7251) or just sending out both sets of cookies (expire: indefinite and expires: now).

Nevermind，真正的问题似乎是过期时间不流逝（在同一秒钟的两个请求），我改变了这部分到 #GetHttpTimeString（Now（） - 1）＃

Nevermind, the real issue seems to be the expiry time not elapsing (two requests in the same second), I changed that portion to #GetHttpTimeString(Now()-1)# which is one day in the past and that seems to holding up.

原来是这样：

<cfheader name="Set-Cookie"  value="CFID=#session.CFID#; Domain=test01.domain.net;Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/">
<cfheader name="Set-Cookie"  value="CFToken=#session.CFToken#; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/">

发送这个：

Set-Cookie: CFID=7191; Domain=test01.domain.net; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/
Set-Cookie: CFToken=33b984d7a56f6356-0B97F3CF-3048-3344-AABF2B698F4B8B02; Domain=test01.domain.net; Expires=Sat, 04-Jul-2043 13:24:38 GMT; Path=/

浏览器接收的 .test01.domain.net 这是我想避免的。

Which the browser receives as .test01.domain.net which is what I wanted to avoid.

这篇关于ColdFusion 10 CFCookie不尊重域属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！