IE发送多个具有相同名称的cookie [英] IE sends multiple cookies with same name
问题描述
我有一个奇怪的错误,在我的网站上的IE7和IE8中重复出现。 IE发送两个名为PHPSESSID的cookie。
如何重现:
1。在IE浏览器中清除cookie。
2。访问http://unisender.com(完全没有www重现!),它将重定向到http://www.unisender.com
3。使用任何有效的用户名和密码登录(我已注册用户名testmsdn,密码为testmsdn - 随时可用于测试)
4。运行您最喜爱的捕获流量计划(我更喜欢wireshark)
5。现在点击任意菜单链接(例如"消息")
6。查看捕获的流量 - 您将看到IE发送双PHPSESSID cookie(并且webiste因此无法登录您)。似乎第一个PHPSESSID来自unisender.com,第二个来自www.unisender.com。
捕获样本:
------------------
GET / en / letter_list HTTP / 1.1
推荐人:http://www.unisender.com/en/intro
接受语言:ru
> User-Agent:Mozilla / 4.0(兼容; MSIE 8.0; Windows NT 6.0; Trident / 4.0; Mozilla / 4.0(兼容; MSIE 6.0; Windows NT 5.1; SV1); SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; FDM; .NET CLR 3.0.30729)
接受编码:gzip,deflate
主持人:www.unisender.com
连接:保持活动
Cookie:authchallenge = 3a9cfcfc9fe33822e3e21d75c8a3d3e4; PHPSESSID = 14ea1cb133632951592397c86eaf037e; us_reg_ref =未知; us_reg_url = HTTP%3A%2F%2Funisender.com%2F; __utma = 1.778517853.1271204400.1271204400.1271204400.1; __utmb = 1.3.10.1271204400; __utmc = 1; __utmz = 1.1271204400.1.1.utmcsr =(直接)| utmccn =(直接)| utmcmd =(无); PHPSESSID = 65e110aeb995a66b9dc8da5656c7a3da; last_login_name = testmsdn
------------------------
I我曾尝试使用会话和非会话cookie,试图使用.unisender.com代替unisender.com获取cookie - 没有任何帮助。
我忘记了这个问题,你很明显。
我想每个名字都应该只有一个cookie 。
我是对的吗?这是IE中的错误吗?如果这是一个错误,那么是否有解决方法?
或者我错了,这是预期的行为?
I have a strange bug which repeats in IE7 and IE8 on my site. IE sends two cookies named PHPSESSID.
How to reproduce:
1. Clear cookies in IE.
2. Visit http://unisender.com (exactly without www to reproduce!) and it will redirect to http://www.unisender.com
3. Login with any valid username and password (I've registered username testmsdn with password testmsdn - feel free to use for testing)
4. Run your favourite capture-the-traffic program (I prefer wireshark)
5. Now click any menu link (e.g. "messages")
6. Look into captured traffic - you will see that IE sends double PHPSESSID cookie (and webiste fails to login you because of this). It seems like first PHPSESSID is from unisender.com and second from www.unisender.com.
Captured sample:
------------------
GET /en/letter_list HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, */*
Referer: http://www.unisender.com/en/intro
Accept-Language: ru
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; FDM; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Host: www.unisender.com
Connection: Keep-Alive
Cookie: authchallenge=3a9cfcfc9fe33822e3e21d75c8a3d3e4; PHPSESSID=14ea1cb133632951592397c86eaf037e; us_reg_ref=unknown; us_reg_url=http%3A%2F%2Funisender.com%2F; __utma=1.778517853.1271204400.1271204400.1271204400.1; __utmb=1.3.10.1271204400; __utmc=1; __utmz=1.1271204400.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=65e110aeb995a66b9dc8da5656c7a3da; last_login_name=testmsdn
------------------------
I've tried to use session and non-session cookies, tried to use .unisender.com instead of unisender.com for cookie - nothing helps.
I forgot the question, thou it's obvious.
I suppose there should be only one cookie with every single name sent.
Am I right? Is it a bug in IE? If it's a bug then is there a workaround?
Or am I wrong and it's an expected behavior?
这篇关于IE发送多个具有相同名称的cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!