Cookie值是否应该使用URL编码? [英] Should cookie values be URL encoded?
问题描述
设置cookie时,PHP对cookie值进行URL编码(至少在不使用 setrawcookie
时)并通过URL对cookie值进行解码在 $ _ COOKIE
中将其提供给应用程序之前。
When setting cookies, PHP url-encodes the cookie value (at least when not using setrawcookie
) and it url-decodes the cookie value before making it available to the application in $_COOKIE
.
这是公认的标准吗?如果我将原始Cookie值设置为 a%3Db
,在大多数Web编程语言中,我是否会返回 a = b
(通过它们各自的cookie读取机制)?
Is this an accepted standard? If I set a raw cookie value of a%3Db
, would I get back a=b
in most web programming languages (through their respective cookie-reading mechanisms)?
推荐答案
是。虽然根据规范不是必需,但 RFC6265 (强调在原始文档中,未添加)
Yes. While it's not required per the spec, the following is mentioned in RFC6265 (emphasis is in the original document, not added)
为最大程度地提高与用户代理的兼容性,希望使用
的服务器将任意数据存储在cookie值中,应使用Base64 [RFC4648]以
为例对数据进行编码。
To maximize compatibility with user agents, servers that wish to store arbitrary data in a cookie-value SHOULD encode that data, for example, using Base64 [RFC4648].
根据我的经验,大多数cookie的Web框架和库都具有编码/解码cookie值的方法。在许多情况下,尤其是。在框架和高级语言中,这是抽象的并自动完成。
In my experience, most web frameworks and libraries for cookies have methods for encoding/decoding cookie values. In many cases, esp. in frameworks and high-level languages, this is abstracted away and done automatically.
此答案提供了cookie允许值背后的相当详细的历史记录。您可能会感兴趣。
This answer provides a fairly detailed of the history behind the values allowed in cookies. Might be of interest to you.
这篇关于Cookie值是否应该使用URL编码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!