当 cookie 通过 http 头发送到浏览器时，它会被添加到客户端浏览器吗? [英] When a cookie is sent via http header to a browser will it be added to the client browser?

问题描述

我正在尝试与 API 建立连接.当我调用此 API 的方法时，它会使用通过 HTTP 标头发送的 cookie 值进行响应.

I am trying to make connection with an API. When I call a method to this API, it respond with a cookie value sent via HTTP headers.

这个标题会自动添加到客户端我的浏览器"吗?还是我必须先解析请求并使用 setCookie 创建一个 cookie?

Will this header be automatically added to the client "my browser?" or do I have to parse the request first and create a cookie using setCookie?

如果它没有自动添加 cookie，有没有办法这样做?

if it does not add the cookies automatically, is there a way to do so?

推荐答案

它将由您的 http 客户端自动处理(您无需手动设置).服务器应使用 Set-Cookie 标头(而不是 cookie)进行响应，然后客户端将保存该 cookie，并在下次请求时发送.

It'll be handled automatically by your http client (you don't need to set it manually). Server should respond with Set-Cookie header (not with cookie), then client will save that cookie, and send it on next requests.

设置 cookie

Cookie 是使用 HTTP Set-Cookie 标头设置的，在 HTTP 响应中发送.此标头指示浏览器存储 cookie 并在以后的请求中将其发送回服务器(当然，如果浏览器不支持 cookie 或已禁用 cookie，则浏览器将忽略此标头).

Cookies are set using the HTTP Set-Cookie header, sent in an HTTP response. This header instructs the browser to store the cookie and send it back in future requests to the server (the browser will, of course, ignore this header if it does not support cookies or has disabled cookies).

例如，浏览器将其第一个请求发送到 www.example.org 网站的主页:

As an example, the browser sends its first request to the homepage of the www.example.org website:

GET /index.html HTTP/1.1
Host: www.example.org
...

服务器用两个 Set-Cookie 头响应:

The server responds with two Set-Cookie headers:

HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
...

服务器的 HTTP 响应包含网站主页的内容.但它也指示浏览器设置两个 cookie.第一个主题"被认为是会话"cookie，因为它没有 Expires 或 Max-Age 属性.会话 cookie 通常会在浏览器关闭时被浏览器删除.第二个，sessionToken"包含一个Expires"属性，它指示浏览器在特定日期和时间删除cookie.

The server's HTTP response contains the contents of the website's homepage. But it also instructs the browser to set two cookies. The first, "theme", is considered to be a "session" cookie, since it does not have an Expires or Max-Age attribute. Session cookies are typically deleted by the browser when the browser closes. The second, "sessionToken" contains an "Expires" attribute, which instructs the browser to delete the cookie at a specific date and time.

接下来，浏览器发送另一个请求以访问网站上的 spec.html 页面.此请求包含一个 Cookie 标头，其中包含服务器指示浏览器设置的两个 cookie.

Next, the browser sends another request to visit the spec.html page on the website. This request contains a Cookie header, which contains the two cookies that the server instructed the browser to set.

GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: theme=light; sessionToken=abc123
...

这样，服务器就知道这个请求和上一个请求有关.服务器将通过发送请求的页面来回答，并可能使用 Set-Cookie 标头添加其他 cookie.

This way, the server knows that this request is related to the previous one. The server would answer by sending the requested page, and possibly adding other cookies as well using the Set-Cookie header.

服务器可以通过在响应页面请求时包含 Set-Cookie 标头来修改 cookie 的值.然后浏览器用新值替换旧值.

The value of a cookie can be modified by the server by including a Set-Cookie header in response to a page request. The browser then replaces the old value with the new value.

cookie 的值可以包含任何可打印的 ASCII 字符(! 到 ~，unicode \u0021 到 \u007E)，不包括 , 和 ;并排除空格.cookie 的名称不包括相同的字符以及 =，因为这是名称和值之间的分隔符.cookie 标准 RFC 2965 有更多限制，但浏览器并未实现.

The value of a cookie may consist of any printable ASCII character (! through ~, unicode \u0021through \u007E) excluding , and ; and excluding whitespace. The name of a cookie excludes the same characters, as well as =, since that is the delimiter between the name and value. The cookie standard RFC 2965 is more limiting but not implemented by browsers.

术语cookie crumb"有时用于指代 cookie 的名称-值对.

The term "cookie crumb" is sometimes used to refer to a cookie's name-value pair.

Cookie 也可以通过在浏览器中运行的脚本语言(例如 JavaScript)来设置.在 JavaScript 中，对象 document.cookie 用于此目的.例如，指令 document.cookie = "temperature=20" 创建了一个名称为 "temperature" 且值为 "20" 的 cookie.

Cookies can also be set by scripting languages such as JavaScript that run within the browser. In JavaScript, the object document.cookie is used for this purpose. For example, the instruction document.cookie = "temperature=20" creates a cookie of name "temperature" and value "20".

参见维基百科页面

这篇关于当 cookie 通过 http 头发送到浏览器时，它会被添加到客户端浏览器吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！