如何通过 Ajax 调用修改 Cookie [英] How to modify Cookie from Ajax call

问题描述

我有这个代码:

window.onload = function() {
        document.cookie = 'foo=bar; expires=Sun, 01 Jan 2012 00:00:00 +0100; path=/';
        var xhr = new XMLHttpRequest();
        xhr.open("GET", "/showcookie.php",true);
        xhr.setRequestHeader("Cookie", "foo=quux");

        xhr.setRequestHeader("Foo", "Bar");
        xhr.setRequestHeader("Foo", "Baz");

        xhr.withCredentials = true;
        var pre = document.getElementById('output');
        xhr.onreadystatechange = function() {
            if (4 == xhr.readyState) {
                pre.innerHTML += xhr.responseText + "
";
            }
        };
        xhr.send(null);
    };

还有这个/showcookie.php

and this /showcookie.php

<?php

print_r($_COOKIE);

?>

它总是显示

Array
(
    [Host] => localhost
    [User-Agent] => 
    [Accept] => 
    [Accept-Language] => pl,en-us;q=0.7,en;q=0.3
    [Accept-Encoding] => gzip,deflate
    [Accept-Charset] => ISO-8859-2,utf-8;q=0.7,*;q=0.7
    [Keep-Alive] => 115
    [Connection] => keep-alive
    [foo] => Baz
    [Referer] =>
    [Cookie] => foo=bar
)

Array
(
    [foo] => bar
)

我在 Ubuntu 上使用 Firefox 3.6.13、Opera 11.00 和 Chromium 9.0.

I'm using Firefox 3.6.13, Opera 11.00 and Chromium 9.0 on Ubuntu.

是否有人有同样的问题，或者可能无法修改 Cookie 标头.

Is anybody have the same problem or maybe it's impossible to modify Cookie header.

推荐答案

Cookie 标头是无法在 XMLHttpRequest 中修改的几个标头之一.来自规范:

The Cookie header is one of several which cannot be modified in an XMLHttpRequest. From the specification:

终止 [setRequestHeader 方法的执行] 如果 header 是一个不区分大小写的匹配之一以下标题:

Terminate [execution of the setRequestHeader method] if header is a case-insensitive match for one of the following headers:

• 接受字符集
• 接受编码
• 连接
• 内容长度
• 饼干
• Cookie2
• 内容传输编码
• 日期
• 期待
• 主持人
• 保持活力
• 推荐人
• TE
• 预告片
• 传输编码
• 升级
• 用户代理
• 通过

... 或者如果标题的开头是代理不区分大小写匹配或Sec-(包括当标题只是代理-或Sec-).

… or if the start of header is a case-insensitive match for Proxy- or Sec- (including when header is just Proxy- or Sec-).

以上headers由控制用户代理让它控制那些运输方面.这保证一定程度上的数据完整性.标题以 Sec- 开头的名字不是允许设置为允许新标题铸造，保证不来自 XMLHttpRequest.

The above headers are controlled by the user agent to let it control those aspects of transport. This guarantees data integrity to some extent. Header names starting with Sec- are not allowed to be set to allow new headers to be minted that are guaranteed not to come from XMLHttpRequest.

这篇关于如何通过 Ajax 调用修改 Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！