发送没有cookie的http请求 [英] sending http requests without cookies
问题描述
假设我写了一个ajax脚本来通过ajax发送HTTP请求。我与该网站相关联的任何
Cookie将与此HTTP请求一起发送
。有没有办法防止这种情况发生?我试试以下内容无效:
http.setRequestHeader(''Cookie'','''');
yawnmoth写道:说我写了一个ajax脚本来发送HTTP请求阿贾克斯。我与该网站相关联的任何
Cookie将与此HTTP请求一起发送。有没有办法防止这种情况发生?我试过以下无济于事:
http.setRequestHeader(''Cookie'','''');
var tmp = document.cookie;
document.cookie ='''';
sendRequest();
document.cookie = tmp;
(?)
VK写道:
yawnmoth写道:说我写了一个ajax脚本,通过ajax发出HTTP请求。我与该网站相关联的任何
Cookie将与此HTTP请求一起发送。有没有办法防止这种情况发生?
我不这么认为。为什么这仍然是必要的?
我尝试了以下无效:
http.setRequestHeader(''Cookie'','''');
这不起作用,因为Cookie标头值不能为空。
参见RFC2965,3.3.4。
var tmp = document。 cookie;
document.cookie ='''';
sendRequest();
document.cookie = tmp;
(?)
绝对不是。可以很容易地证明,将空字符串分配给
document.cookie不会删除此资源的所有cookie。
它只是添加一个新的会话cookie具有空名称和
当前域和路径的值 - 尽管该特定行为可能是依赖于UA
UA(我使用Firefox 1.5.0.1/Linux进行了测试)。
使用该UA进行的测试也表明,由于无法确定
设置cookie时域和路径组件是什么,因此不是
可以使用document.cookies的值可靠地删除它
当域和路径组件没有时,不可能删除cookie
匹配(含蓄地)。
PointedEars
Thomas''PointedEars''Lahn写道:< blockquote class =post_quotes> VK写道:
yawnmoth写道:说我写了一个aj ax脚本通过ajax发送HTTP请求。我与该网站相关联的任何
Cookie将与此HTTP请求一起发送。有没有办法防止这种情况发生?
我不这么认为。为什么这有必要呢?
我尝试了以下无效:
http.setRequestHeader(''Cookie'','''');
这不起作用,因为Cookie标头值不能为空。
请参见RFC2965,3.3.4。
var tmp = document。 cookie;
document.cookie ='''';
sendRequest();
document.cookie = tmp;
(?)
绝对不是。可以很容易地证明,将空字符串分配给
document.cookie不会删除此资源的所有cookie。
正确。我忘了(我用饼干客户端玩了一段时间)
cookie属性就像电子diod一样:它有不同的
抵抗取决于它使用的表达方式。
在右侧,它具有零阻力。所以说:
var foo = document.cookie;
你抓住所有可用于
给定文件的属性的cookie。
在左侧,它具有高阻力。因此,您只能在一次性地处理一个
cookie,所以说:
document.cookie = foo;
document.cookie = bar;
你不是用酒吧来覆盖foo,而是设置两个单独的饼干
(foo和bar)。
所以建议算法,如果它确实是唯一的方式(我不知道
,实际上我希望不是)必须调整为更复杂的
方式:
1)抓住所有的饼干
var foo = document.cookie;
2)解析cookie字符串foo,提取每个单独的cookie并使其成为
过期(或用空字符串覆盖它):
document.cookie = cookie1;
document.cookie = cookie2;
等
3)发送请求。
4)恢复使用与步骤2相同的算法返回所有cookie。
其中一个每10ms更新一次 :-) ajaxoids这种方法非常有问题可行。对于单个或罕见的请求,它是可行的:
如果没有比这更好的
。
Say I wrote an ajax script to send out HTTP requests via ajax. Any
cookies that I have associated with that site will be sent along with
this HTTP request. Is there a way to prevent this from happening? I
tried the following to no avail:
http.setRequestHeader(''Cookie'','''');
yawnmoth wrote:Say I wrote an ajax script to send out HTTP requests via ajax. Any
cookies that I have associated with that site will be sent along with
this HTTP request. Is there a way to prevent this from happening? I
tried the following to no avail:
http.setRequestHeader(''Cookie'','''');
var tmp = document.cookie;
document.cookie = '''';
sendRequest();
document.cookie = tmp;
( ? )
VK wrote:
yawnmoth wrote:Say I wrote an ajax script to send out HTTP requests via ajax. Any
cookies that I have associated with that site will be sent along with
this HTTP request. Is there a way to prevent this from happening?
I don''t think so. Why would that be necessary anyway?
I tried the following to no avail:
http.setRequestHeader(''Cookie'','''');
This cannot work because the Cookie header value must not be empty.
See RFC2965, 3.3.4.
var tmp = document.cookie;
document.cookie = '''';
sendRequest();
document.cookie = tmp;
( ? )
Definitely not. As can be proven easily, assigning the empty string to
document.cookie does not delete all cookies for this resource.
It merely adds a new session cookie with empty name and value for the
current domain and path -- although that particular behavior may be
UA-dependent (I tested with Firefox 1.5.0.1/Linux).
Tests with that UA also indicate that since it is not possible to determine
what the domain and path components were when a cookie was set, it is not
possible to delete it reliably using the value of document.cookies only as
it is not possible to delete a cookie when domain and path component do not
match (implicitly).
PointedEars
Thomas ''PointedEars'' Lahn wrote:VK wrote:yawnmoth wrote:Say I wrote an ajax script to send out HTTP requests via ajax. Any
cookies that I have associated with that site will be sent along with
this HTTP request. Is there a way to prevent this from happening?
I don''t think so. Why would that be necessary anyway?
I tried the following to no avail:
http.setRequestHeader(''Cookie'','''');
This cannot work because the Cookie header value must not be empty.
See RFC2965, 3.3.4.var tmp = document.cookie;
document.cookie = '''';
sendRequest();
document.cookie = tmp;
( ? )
Definitely not. As can be proven easily, assigning the empty string to
document.cookie does not delete all cookies for this resource.
Right. I forgot (it was a while I played with cookies client-side) that
cookie property works like an electric diod: it has different
"resistance" depending on what side of expression it is used.
On the right side it has "zero resistance" so by saying:
var foo = document.cookie;
you are grabbing all cookies with all attributes available for the
given document.
On the left side it has "high resistance" so you can address only one
cookie at time, so by saying:
document.cookie = foo;
document.cookie = bar;
you are not overriding foo by bar, but setting two separate cookies
(foo and bar).
So the proposed algorithm, if it''s indeed the only way (I don''t know
and actually I hope not) must be adjusted into a much more complicated
way:
1) grab all cookies by
var foo = document.cookie;
2) Parse cookie string "foo", extract each separate cookie and make it
expired (or override it with empty string):
document.cookie = cookie1;
document.cookie = cookie2;
etc.
3) Send request.
4) Restore all cookies back using the same algorithm as on step 2.
For one of these "update every 10ms" :-) ajaxoids this approach is very
questionnable to work. For a single or rare requests it is doable:
again if there is nothing better than that.
这篇关于发送没有cookie的http请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
