subdomain.example.com是否可以设置可由example.com读取的Cookie? [英] Can subdomain.example.com set a cookie that can be read by example.com?
问题描述
我根本不敢相信这是很难确定的。
I simply cannot believe this is quite so hard to determine.
即使读了RFC,我也不清楚,如果一个服务器在subdomain.example.com可设置可由example.com读取的Cookie。
Even having read the RFCs, it's not clear to me if a server at subdomain.example.com can set a cookie that can be read by example.com.
subdomain.example.com可以设置其Domain属性为.example.com的Cookie。 RFC 2965似乎明确声明这样的cookie不会被发送到example.com,但同样地说,如果你设置Domain = example.com,一个点被前置,就像你说.example.com。总之,这似乎说,如果example.com返回设置一个Cookie为Domain = example.com,它不会得到那个cookie!
subdomain.example.com can set a cookie whose Domain attribute is .example.com. RFC 2965 seems to explicitly state that such a cookie will not be sent to example.com, but then equally says that if you set Domain=example.com, a dot is prepended, as if you said .example.com. Taken together, this seems to say that if example.com returns sets a cookie with Domain=example.com, it doesn't get that cookie back! That can't be right.
任何人都可以澄清规则是什么?
Can anyone clarify what the rules really are?
推荐答案
是。
如果您确定要指定域名为.example.com, com和example.com可以访问它。
If you make sure to specify that the domain is .example.com, then *.example.com and example.com can access it.
这是主体,允许网站发出cookie,当有人去www.website.com访问cookie,当有人离开www,去website.com。
It's that principal that allows websites that issue cookies when somebody goes to www.website.com to access cookies when someone leaves off the www, going to website.com.
编辑:从PHP的PHP文档:
From the PHP documentation about cookies:
domain cookie是
的域。要使
的所有子域上的cookie
可用,example.com然后你将它设置为
'.example.com'。的。不需要
,但使它与更多的
浏览器兼容。将其设置为
www.example.com将使cookie
仅在www子域中可用。
有关详细信息,请参阅»spec
中的尾匹配。
http://php.net/manual/en/function.setcookie。 php
这不是PHP的独特之处。
And it's not uniquie to PHP.
这篇关于subdomain.example.com是否可以设置可由example.com读取的Cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
