Correct way to delete cookies server-side


Problem description


For my authentication process I use py-bcrypt to create a unique token when a user logs in and put that into a cookie which is used for authentication.

So I would send something like this from the server:

Set-Cookie: token=$2a$12$T94df7ArHkpkX7RGYndcq.fKU.oRlkVLOkCBNrMilaSWnTcWtCfJC; path=/;

Which works on all browsers. Then to delete a cookie I send a similar cookie with the expires field set for January 1st 1970

Set-Cookie: token=$2a$12$T94df7ArHkpkX7RGYndcq.fKU.oRlkVLOkCBNrMilaSWnTcWtCfJC; path=/; expires=Thu, Jan 01 1970 00:00:00 UTC; 

And that works fine on Firefox but doesn't delete the cookie on IE or Safari.

So what is the best way to delete a cookie (without JavaScript preferably)? The set-the-expires-in-the-past method seems bulky. And also why does this work in FF but not in IE or Safari?

Solution

Sending the same cookie value with ; expires appended is a bad idea since you want the contents to be destroyed.

A better idea would be invalidating the cookie by setting the value to rubbish empty and include an expires field as well:

Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT

Note that you cannot force all browsers to delete a cookie. The client can configure the browser in such a way that the cookie persists, even if it's expired. Setting the value as described above would solve this problem.
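The following is an added example, not part of the original answer: it builds the deletion header shown above, checks that an `expires` value is in the `Thu, 01 Jan 1970 00:00:00 GMT` form, and also revokes the token on the server so a browser that keeps the cookie cannot reuse it. The names `deletion_header`, `logout`, `is_authenticated` and the in-memory `active_tokens` set are hypothetical, and the server-side token store is an assumption about the application.

```python
from datetime import datetime
from email.utils import formatdate

# Date form used in the answer's header: "Thu, 01 Jan 1970 00:00:00 GMT"
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"


def is_http_date(value):
    """Return True if value is in the day-month-year GMT form shown above."""
    try:
        datetime.strptime(value, HTTP_DATE)
        return True
    except ValueError:
        return False


def deletion_header(name, path="/", domain=None):
    """Build a Set-Cookie value that overwrites `name` and expires it at the epoch.

    path (and domain, if one was set) must match the original cookie,
    otherwise the browser stores a second cookie instead of replacing it.
    """
    parts = [f"{name}=deleted", f"path={path}"]
    if domain:
        parts.append(f"domain={domain}")
    parts.append("expires=" + formatdate(0, usegmt=True))
    return "; ".join(parts)


def logout(token, active_tokens):
    """Revoke the token server-side, then ask the browser to drop the cookie."""
    active_tokens.discard(token)  # hypothetical store of valid tokens
    return [("Set-Cookie", deletion_header("token"))]


def is_authenticated(token, active_tokens):
    """A token is only accepted while the server still lists it as active."""
    return token in active_tokens


if __name__ == "__main__":
    tokens = {"constructed-sample-token"}  # constructed sample value
    print(logout("constructed-sample-token", tokens))
    print(is_authenticated("constructed-sample-token", tokens))
    print(is_http_date("Thu, Jan 01 1970 00:00:00 UTC"))  # date from the question
```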
