在斯卡拉的稠粘的曲奇饼 [英] Sticky Cookies in Scala

问题描述

我在Scala中设置了类似于以下内容的Cookie：

I've set a cookie in Scala similar to the following:

val cookies:Seq[Cookie] = new Seq()
val nDaysExpire:Int = 2000
val nSecondsExpire:Int = nDaysExpire * 24 * 60 * 60
val cookie:Cookie = new Cookie(sCookieID, sValue, Option(nSecondsExpire))
cookies = cookies:+ cookie
Ok(views.html.main(sID)).withCookies(cookies:_*)

，然后我立即删除JavaScript中的cookie。我已经在网页加载后30秒删除了Cookie。

and then I immediately delete the cookie in JavaScript. I have even deleted the cookie 30 seconds after the page has loaded.

当我重新加载页面时，Scala代码仍然看到cookie。但是在JavaScript中，当我调用：document.cookie时，cookie是没有找到的。

When I reload the page, the Scala code still sees the cookie. But in the JavaScript, the cookie is no where to be found when I call: document.cookie.

发生了什么事？

推荐答案

根据 docs ， Cookie 的构造函数使用一个名为 httpCookie 。默认值为 true 。

According to the docs, the constructor for Cookie takes a boolean parameter named httpCookie. The default value is true.

HttpOnly cookie无法通过javascript查看。因此，如果您要从javascript中删除您的Cookie，请尝试将其设置为false。

HttpOnly cookies cannot be seen by javascript. So, if you want to delete your cookie from javascript, try setting this to false.

val cookie:Cookie = new Cookie(sCookieID, sValue, Option(nSecondsExpire), httpOnly = false)

由Jeff Atwoord在保护您的Cookie：HttpOnly

By Jeff Atwoord in Protecting Your Cookies: HttpOnly

当您使用HttpOnly标记标记Cookie时，它会通知浏览器该特定的Cookie只应由服务器访问。严禁任何尝试从客户端脚本访问cookie的尝试。

When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden.

这篇关于在斯卡拉的稠粘的曲奇饼的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！