localhost上的Cookie与显式域 [英] Cookies on localhost with explicit domain
问题描述
我必须缺少一些关于饼干的基本事情。在localhost上,当我在服务器端设置cookie 和明确指定域为localhost(或.localhost)。
Firefox 3.5:我检查了Firebug中的HTTP请求。我看到的是:
Set-Cookie:
name = value;
domain = localhost;
expires = Thu,2009年7月16日21:25:05 GMT;
path = /
或(当我将域设置为.localhost时) p>
Set-Cookie:
name = value;
domain = .localhost;
expires = Thu,2009年7月16日21:25:05 GMT;
path = /
在任一种情况下,都不会存储cookie。
IE8:我没有使用任何额外的工具,但cookie似乎没有存储,因为它不会在后续请求中发回。
Opera 9.64: localhost和.localhost 都有效,但是当我在偏好设置中检查Cookie列表时,该域被设置为localhost.local,即使它列在localhost下(在列表分组中)。
Safari 4: localhost 工作,但它们在首选项中始终列为.localhost。另一方面,没有显式域的cookie只显示为localhost(无点)。
localhost的问题是什么?因为这么多的incostency,必须有一些特殊的规则涉及localhost。另外,我不清楚为什么域必须以点为前缀? RFC 2109明确指出:
域属性的值
不包含嵌入的点或不包含
start
为什么?文档表明它必须做一些与安全性。我不得不承认,我没有阅读整个规范(可能做它latet),但它听起来有点奇怪。基于此,在localhost上设置cookie是不可能的。
按照设计,域名必须至少有两个点;否则浏览器会认为它们无效。 (请参阅 http://curl.haxx.se/rfc/cookie_spec.html)
在 localhost
上工作时,必须完全省略Cookie域。只需将其设置为或
NULL
或 FALSE
对于PHP,请参阅 http://php.net/manual/en/function.setcookie.php#73107 。 p>
如果使用Java Servlet API,请不要调用 cookie.setDomain(...)
方法
I must be missing some basic thing about cookies. On localhost, when I set a cookie on server side and specify the domain explicitly as localhost (or .localhost). the cookie does not seem to be accepted by some browsers.
Firefox 3.5: I checked the HTTP request in Firebug. What I see is:
Set-Cookie:
name=value;
domain=localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
or (when I set the domain to .localhost):
Set-Cookie:
name=value;
domain=.localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
In either case, the cookie is not stored.
IE8: I did not use any extra tool, but the cookie does not seem to be stored as well, because it’s not being sent back in subsequent requests.
Opera 9.64: Both localhost and .localhost work, but when I check the list of cookies in Preferences, the domain is set to localhost.local even though it’s listed under localhost (in the list grouping).
Safari 4: Both localhost and .localhost work, but they are always listed as .localhost in Preferences. On the other hand, a cookie without an explicit domain, it being shown as just localhost (no dot).
What is the problem with localhost? Because of such a number of incostencies, there must be some special rules involving localhost. Also, it’s not completely clear to me why domains must be prefixed by a dot? RFC 2109 explicitly states that:
The value for the Domain attribute contains no embedded dots or does not start with a dot.
Why? The document indicates it has to do something with security. I have to admit that I have not read the entire specification (may do it latet), but it sounds a bit strange. Based on this, setting cookies on localhost would be impossible.
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
When working on localhost
, the cookie domain must be omitted entirely. Just setting it to ""
or NULL
or FALSE
instead of "localhost"
is not enough.
For PHP, see comments on http://php.net/manual/en/function.setcookie.php#73107.
If working with the Java Servlet API, don't call the cookie.setDomain("...")
method at all.
这篇关于localhost上的Cookie与显式域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!