subdomain.example.com可以设置一个example.com可以读取的cookie吗? [英] Can subdomain.example.com set a cookie that can be read by example.com?
问题描述
我简直不敢相信这很难确定.
I simply cannot believe this is quite so hard to determine.
即使阅读了 RFC,我也不清楚 subdomain.example.com 上的服务器是否可以设置 example.com 可以读取的 cookie.
Even having read the RFCs, it's not clear to me if a server at subdomain.example.com can set a cookie that can be read by example.com.
subdomain.example.com 可以设置一个域属性为.example.com 的cookie.RFC 2965 似乎明确声明不会将此类 cookie 发送到 example.com,但同样表示,如果您设置 Domain=example.com,则会在前面加上一个点,就像您说的 .example.com 一样.综上所述,这似乎是说,如果 example.com 返回设置了一个带有 Domain=example.com 的 cookie,则它不会取回该 cookie!这不可能是对的.
subdomain.example.com can set a cookie whose Domain attribute is .example.com. RFC 2965 seems to explicitly state that such a cookie will not be sent to example.com, but then equally says that if you set Domain=example.com, a dot is prepended, as if you said .example.com. Taken together, this seems to say that if example.com returns sets a cookie with Domain=example.com, it doesn't get that cookie back! That can't be right.
谁能解释一下规则到底是什么?
Can anyone clarify what the rules really are?
推荐答案
是.
如果您确定指定域为 .example.com,则 *.example.com 和 example.com 可以访问它.
If you make sure to specify that the domain is .example.com, then *.example.com and example.com can access it.
正是这个原则允许在有人访问 www.website.com 时发布 cookie 的网站在有人离开 www 而访问 website.com 时访问 cookie.
It's that principal that allows websites that issue cookies when somebody goes to www.website.com to access cookies when someone leaves off the www, going to website.com.
来自关于 cookie 的 PHP 文档:
From the PHP documentation about cookies:
domain cookie 所在的域可用的.做饼干可用于所有子域example.com 然后你将它设置为'.example.com'.这 .不需要但使它兼容更多浏览器.将其设置为www.example.com 将制作 cookie仅在 www 子域中可用.参考 » 规范中的尾部匹配详情.http://php.net/manual/en/function.setcookie.php
domain The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain. Refer to tail matching in the » spec for details. http://php.net/manual/en/function.setcookie.php
它不是 PHP 独有的.
And it's not unique to PHP.
这篇关于subdomain.example.com可以设置一个example.com可以读取的cookie吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
