Should a web browser delete all `session' (expiry = 0) cookies on exit?


Problem description

Everything I read about cookies says that setting the expiry time of a cookie to zero should make it a `session' cookie, which the browser will then delete upon exit.

http://www.cookiecentral.com/faq/ says that:

"...generally a session is the length of time that the browser is open for..."

http://php.net/manual/en/function.setcookie.php says:

"If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes)."

However, some experimenting in Firefox (3.0.8) shows that:

  • cookies set as session and secure get deleted on exit
  • cookies set as session only do not get deleted on exit

Opera (9.64) behaves as I would expect, deleting the session cookies upon exit whether set as secure or not.

I wanted to be able to rely on this in a web-app I'm working on (having a secure cookie and an insecure cookie as a "logged-in" flag and having them expire together, either with a real time or 0 for a session), but it seems that even if it's in the standard then browsers are not consistent enough to rely on it :/

Is this a bug in the browser, expected behaviour, and/or is the actual lifetime of session cookies not really defined in the standard?

Solution

You should never rely on client-side features.

The feature you're working on is usually implemented by storing the session ID client-side and the real user info server-side (its ID, whether he's logged in or not, his personal info, etc).

Also bear in mind cookies get sent in every request, so the less you store in a cookie, the better.
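The pattern the answer describes, as an added example that is not part of the original answer: the cookie carries only an opaque random ID, and the server decides when the session ends, so a browser that keeps a session cookie across restarts does not extend the login. The names `SessionStore` and `sid` and both timeout values are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60        # assumed: seconds of inactivity allowed
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed: maximum session age in seconds


class SessionStore:
    """In-memory server-side session table keyed by an opaque random ID."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock   # injectable so expiry can be tested

    def create(self, user_id):
        sid = secrets.token_urlsafe(32)   # unguessable, carries no user data
        now = self._clock()
        self._sessions[sid] = {"user_id": user_id, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user_id for a live session, else None."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        idle = now - rec["last_seen"]
        age = now - rec["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]       # expired server-side, whatever the browser kept
            return None
        rec["last_seen"] = now
        return rec["user_id"]

    def destroy(self, sid):
        """Logout: the ID becomes useless even if the cookie survives."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Set-Cookie value with no Expires/Max-Age, i.e. a session cookie."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["path"] = "/"
    c["sid"]["secure"] = True
    c["sid"]["httponly"] = True
    c["sid"]["samesite"] = "Lax"
    return c["sid"].OutputString()
```
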
