localhost上的Cookie与显式域 [英] Cookies on localhost with explicit domain
问题描述
我必须缺少一些关于饼干的基本事情。在localhost上,当我在服务器端设置cookie 和明确指定域为localhost(或.localhost)。
Firefox 3.5:我检查了Firebug中的HTTP请求。我看到的是:
Set-Cookie:
name = value;
domain = localhost;
expires = Thu,2009年7月16日21:25:05 GMT;
path = /
或(当我将域设置为.localhost时) p>
Set-Cookie:
name = value;
domain = .localhost;
expires = Thu,2009年7月16日21:25:05 GMT;
path = /
在任一种情况下,都不会存储cookie。
IE8:我没有使用任何额外的工具,但cookie似乎没有存储,因为它不会在后续请求中发回。
Opera 9.64: localhost和.localhost 都有效,但是当我在偏好设置中检查Cookie列表时,该域被设置为localhost.local,即使它列在localhost下(在列表分组中)。
Safari 4: localhost 工作,但它们在首选项中始终列为.localhost。另一方面,没有显式域的cookie只显示为localhost(无点)。
localhost的问题是什么?因为这么多的incostency,必须有一些特殊的规则涉及localhost。另外,我不清楚为什么域必须以点为前缀? RFC 2109明确指出:
域属性的值
不包含嵌入的点或不包含
start
为什么?文档表明它必须做一些与安全性。我不得不承认,我没有阅读整个规范(可能做它latet),但它听起来有点奇怪。基于此,在localhost上设置cookie是不可能的。
按照设计,域名必须至少有两个点;否则浏览器会认为它们无效。 (请参阅 http://curl.haxx.se/rfc/cookie_spec.html)
在 localhost 上工作时,必须完全省略Cookie域。只需将其设置为或 NULL 或 FALSE
对于PHP,请参阅 http://php.net/manual/en/function.setcookie.php#73107 。 p>
如果使用Java Servlet API,请不要调用 cookie.setDomain(...)方法
I must be missing some basic thing about cookies. On localhost, when I set a cookie on server side and specify the domain explicitly as localhost (or .localhost). the cookie does not seem to be accepted by some browsers.
Firefox 3.5: I checked the HTTP request in Firebug. What I see is:
Set-Cookie:
name=value;
domain=localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
or (when I set the domain to .localhost):
Set-Cookie:
name=value;
domain=.localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
In either case, the cookie is not stored.
IE8: I did not use any extra tool, but the cookie does not seem to be stored as well, because it’s not being sent back in subsequent requests.
Opera 9.64: Both localhost and .localhost work, but when I check the list of cookies in Preferences, the domain is set to localhost.local even though it’s listed under localhost (in the list grouping).
Safari 4: Both localhost and .localhost work, but they are always listed as .localhost in Preferences. On the other hand, a cookie without an explicit domain, it being shown as just localhost (no dot).
What is the problem with localhost? Because of such a number of incostencies, there must be some special rules involving localhost. Also, it’s not completely clear to me why domains must be prefixed by a dot? RFC 2109 explicitly states that:
The value for the Domain attribute contains no embedded dots or does not start with a dot.
Why? The document indicates it has to do something with security. I have to admit that I have not read the entire specification (may do it latet), but it sounds a bit strange. Based on this, setting cookies on localhost would be impossible.
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
When working on localhost, the cookie domain must be omitted entirely. Just setting it to "" or NULL or FALSE instead of "localhost" is not enough.
For PHP, see comments on http://php.net/manual/en/function.setcookie.php#73107.
If working with the Java Servlet API, don't call the cookie.setDomain("...") method at all.
这篇关于localhost上的Cookie与显式域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
