具有显式域的本地主机上的 Cookie [英] Cookies on localhost with explicit domain
问题描述
我一定遗漏了一些关于 cookie 的基本知识.在本地主机上,当我在服务器端和设置 cookie 时,将域明确指定为本地主机(或 .localhost).某些浏览器似乎不接受该 cookie.
I must be missing some basic thing about cookies. On localhost, when I set a cookie on server side and specify the domain explicitly as localhost (or .localhost). the cookie does not seem to be accepted by some browsers.
Firefox 3.5: 我在 Firebug 中检查了 HTTP 请求.我看到的是:
Firefox 3.5: I checked the HTTP request in Firebug. What I see is:
Set-Cookie:
name=value;
domain=localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
或(当我将域设置为 .localhost 时):
or (when I set the domain to .localhost):
Set-Cookie:
name=value;
domain=.localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
无论哪种情况,都不会存储 cookie.
In either case, the cookie is not stored.
IE8:我没有使用任何额外的工具,但 cookie 似乎也没有被存储,因为它不会在后续请求中被发送回来.
IE8: I did not use any extra tool, but the cookie does not seem to be stored as well, because it’s not being sent back in subsequent requests.
Opera 9.64: localhost 和 .localhost 工作,但是当我检查首选项中的 cookie 列表时,该域设置为 localhost.local 即使它已列出在 localhost 下(在列表分组中).
Opera 9.64: Both localhost and .localhost work, but when I check the list of cookies in Preferences, the domain is set to localhost.local even though it’s listed under localhost (in the list grouping).
Safari 4: localhost 和 .localhost 工作,但它们总是在 Preferences 中列为 .localhost.另一方面,一个没有明确域的 cookie,它只显示为 localhost(没有点).
Safari 4: Both localhost and .localhost work, but they are always listed as .localhost in Preferences. On the other hand, a cookie without an explicit domain, it being shown as just localhost (no dot).
localhost 有什么问题?由于存在如此多的不一致,必然有一些涉及localhost的特殊规则.另外,我也不完全清楚为什么域必须以点为前缀?RFC 2109 明确指出:
What is the problem with localhost? Because of such a number of inconsistencies, there must be some special rules involving localhost. Also, it’s not completely clear to me why domains must be prefixed by a dot? RFC 2109 explicitly states that:
域属性的值不包含嵌入点或不包含以点开头.
The value for the Domain attribute contains no embedded dots or does not start with a dot.
为什么?该文件表明它必须做一些与安全有关的事情.我不得不承认我没有阅读整个规范(可能会在以后阅读),但这听起来有点奇怪.基于此,在本地主机上设置 cookie 是不可能的.
Why? The document indicates that it has to do something with security. I have to admit that I have not read the entire specification (may do it later), but it sounds a bit strange. Based on this, setting cookies on localhost would be impossible.
推荐答案
按照设计,域名必须至少有两个点;否则浏览器会认为它们无效.(请参阅 http://curl.haxx.se/rfc/cookie_spec.html 上的参考资料)
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
在localhost
上工作时,cookie 域必须完全省略.您不应将其设置为 ""
或 NULL
或 FALSE
而不是 "localhost"
.这还不够.
When working on localhost
, the cookie domain must be omitted entirely. You should not set it to ""
or NULL
or FALSE
instead of "localhost"
. It is not enough.
对于 PHP,请参阅对 http://php.net/manual/的评论en/function.setcookie.php#73107.
For PHP, see comments on http://php.net/manual/en/function.setcookie.php#73107.
如果使用 Java Servlet API,则根本不要调用 cookie.setDomain("...")
方法.
If working with the Java Servlet API, don't call the cookie.setDomain("...")
method at all.
这篇关于具有显式域的本地主机上的 Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!