具有显式域的本地主机上的 Cookie [英] Cookies on localhost with explicit domain
问题描述
我一定遗漏了一些关于 cookie 的基本知识.在本地主机上,当我在服务器端和设置 cookie 时,将域明确指定为本地主机(或 .localhost).某些浏览器似乎不接受该 cookie.
I must be missing some basic thing about cookies. On localhost, when I set a cookie on server side and specify the domain explicitly as localhost (or .localhost). the cookie does not seem to be accepted by some browsers.
Firefox 3.5: 我在 Firebug 中检查了 HTTP 请求.我看到的是:
Firefox 3.5: I checked the HTTP request in Firebug. What I see is:
Set-Cookie:
name=value;
domain=localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
或(当我将域设置为 .localhost 时):
or (when I set the domain to .localhost):
Set-Cookie:
name=value;
domain=.localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
无论哪种情况,都不会存储 cookie.
In either case, the cookie is not stored.
IE8:我没有使用任何额外的工具,但 cookie 似乎也没有被存储,因为它不会在后续请求中被发送回来.
IE8: I did not use any extra tool, but the cookie does not seem to be stored as well, because it’s not being sent back in subsequent requests.
Opera 9.64: localhost 和 .localhost 工作,但是当我检查首选项中的 cookie 列表时,该域设置为 localhost.local 即使它已列出在 localhost 下(在列表分组中).
Opera 9.64: Both localhost and .localhost work, but when I check the list of cookies in Preferences, the domain is set to localhost.local even though it’s listed under localhost (in the list grouping).
Safari 4: localhost 和 .localhost 工作,但它们总是在 Preferences 中列为 .localhost.另一方面,一个没有明确域的 cookie,它只显示为 localhost(没有点).
Safari 4: Both localhost and .localhost work, but they are always listed as .localhost in Preferences. On the other hand, a cookie without an explicit domain, it being shown as just localhost (no dot).
localhost 有什么问题?由于存在如此多的不一致,必然有一些涉及localhost的特殊规则.另外,我也不完全清楚为什么域必须以点为前缀?RFC 2109 明确指出:
What is the problem with localhost? Because of such a number of inconsistencies, there must be some special rules involving localhost. Also, it’s not completely clear to me why domains must be prefixed by a dot? RFC 2109 explicitly states that:
域属性的值不包含嵌入点或不包含以点开头.
The value for the Domain attribute contains no embedded dots or does not start with a dot.
为什么?该文件表明它必须做一些与安全有关的事情.我不得不承认我没有阅读整个规范(可能会在以后阅读),但这听起来有点奇怪.基于此,在本地主机上设置 cookie 是不可能的.
Why? The document indicates that it has to do something with security. I have to admit that I have not read the entire specification (may do it later), but it sounds a bit strange. Based on this, setting cookies on localhost would be impossible.
推荐答案
按照设计,域名必须至少有两个点;否则浏览器会认为它们无效.(请参阅 http://curl.haxx.se/rfc/cookie_spec.html 上的参考资料)
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
在localhost 上工作时,cookie 域必须完全省略.您不应将其设置为 "" 或 NULL 或 FALSE 而不是 "localhost".这还不够.
When working on localhost, the cookie domain must be omitted entirely. You should not set it to "" or NULL or FALSE instead of "localhost". It is not enough.
对于 PHP,请参阅对 http://php.net/manual/的评论en/function.setcookie.php#73107.
For PHP, see comments on http://php.net/manual/en/function.setcookie.php#73107.
如果使用 Java Servlet API,则根本不要调用 cookie.setDomain("...") 方法.
If working with the Java Servlet API, don't call the cookie.setDomain("...") method at all.
这篇关于具有显式域的本地主机上的 Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
