cookie 值应该进行 URL 编码吗? [英] Should cookie values be URL encoded?

问题描述

在设置 cookie 时，PHP 对 cookie 值进行 url 编码(至少在不使用 setrawcookie 时)并且它在将 cookie 值提供给用户之前对 cookie 值进行 url 解码$_COOKIE 中的应用程序.

When setting cookies, PHP url-encodes the cookie value (at least when not using setrawcookie) and it url-decodes the cookie value before making it available to the application in $_COOKIE.

这是公认的标准吗?如果我设置 a%3Db 的原始 cookie 值，我会在大多数网络编程语言中返回 a=b(通过它们各自的 cookie 读取机制)吗?>

Is this an accepted standard? If I set a raw cookie value of a%3Db, would I get back a=b in most web programming languages (through their respective cookie-reading mechanisms)?

推荐答案

是的.虽然它不是要求，但RFC6265中提到了以下内容a>(重点在原文档，未添加)

Yes. While it's not required per the spec, the following is mentioned in RFC6265 (emphasis is in the original document, not added)

为了最大限度地提高与用户代理的兼容性，服务器希望将任意数据存储在 cookie 值中应该对该数据进行编码，例如例如，使用 Base64 [RFC4648].

To maximize compatibility with user agents, servers that wish to store arbitrary data in a cookie-value SHOULD encode that data, for example, using Base64 [RFC4648].

根据我的经验，大多数用于 cookie 的 Web 框架和库都有编码/解码 cookie 值的方法.在许多情况下，尤其是.在框架和高级语言中，这被抽象出来并自动完成.

In my experience, most web frameworks and libraries for cookies have methods for encoding/decoding cookie values. In many cases, esp. in frameworks and high-level languages, this is abstracted away and done automatically.

这个答案提供了 cookie 允许值背后的相当详细的历史记录.您可能会感兴趣.

This answer provides a fairly detailed of the history behind the values allowed in cookies. Might be of interest to you.

这篇关于cookie 值应该进行 URL 编码吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！