Cookie2规范的当前状态是什么? [英] What is the current state of the Cookie2 specification?
问题描述
您有关于实现/计划实现HTTP 1.1规范的这一部分的浏览器的一些信息吗?此外,什么框架已经实现此功能。我已经完成了我的Google调查,但我想知道是否还有其他问题。
此外,您/您会使用它吗?你会发现它比Cookie / Set-Cookie实现更好吗?
我将主要回答第二部分。 p>
我最近做了一些研究,现在坚持认为没有,它没有准备好使用,我不会使用它。
找到适合当前浏览器和代理的现有规范的具体数据很困难,因为Cookie开始是专有的浏览器扩展,并继续添加专有功能,例如最新的http -only标志。我认为总体上行业继续使用这种准Netscape风格与RFC 2109实现混合,除了有关第三方Cookie的更宽松的规则和一些奇怪的行为有时与非引用的字符串。
对于我是否觉得更好,读取规范确实显示了它的好处 - 即客户端现在传回的路径,域和端口参数作为美元参数,因此Web应用程序知道使用哪些参数来删除/覆盖该Cookie。使用cookie存储评论的能力将是用户一天的胜利,因此他们有机会看到cookie是什么的纯文本解释,但除非浏览器开始警告人们有关cookie,谁会看到
需要同时发送一个set-cookie和set-cookie2头,这也让我厌烦了纯粹主义者,因为客户端需要发送一个Cookie2头除了Cookie标头,当我看着它,这似乎不必要。 YMMV。
编辑:我在两年前写了这个答案 RFC 6265 出来了。 RFC 6265声明Cookie2规范已过时,使此答案不再相关(但仍然可能很有趣)。
Do you have some information regarding browsers that implement/plan to implement this part of the HTTP 1.1 specification? Additionally, what frameworks have already implemented this feature. I've done my Google research but I'd like to know if there's something else.
Also, do/would you use it? Do you find it better than the Cookie/Set-Cookie implementation?
I'll mainly answer the second part.
I did some research into it recently and am now firmly of the opinion that no, it is not ready for use, and I would not use it.
Finding concrete data on the existing specification that will work with current browsers and proxies is difficult, because cookies started out as a proprietary browser extension and continue to have proprietary features added, like the most recent "http-only" flag. I think by and large the industry has continued to use this quasi "Netscape-style" mixed with RFC 2109 implementation, except with more loose rules about third-party cookies and some strange behaviour sometimes with non-quoted strings.
As for whether I find it better, a read through of the spec does certainly show its benefits - ie, the client now passes back the path, domain and port parameters as 'dollar' parameters, so a web app knows what parameters to use to delete/overwrite that cookie. The ability to store comments with the cookies will be a win for the user one day, so they get the chance to see a plain text explanation of what the cookie is for, but unless browsers start warning people about cookies, who is going to see them?
The need to send both a set-cookie and set-cookie2 header also upset the purist in me, as did the need for a client to send a Cookie2 header in addition to the Cookie header, which seemed unnecessary when I looked at it. YMMV.
Edit: I wrote this answer two years before RFC 6265 came out. RFC 6265 declares the Cookie2 specification obsolete, making this answer no longer relevant (but still possibly interesting).
这篇关于Cookie2规范的当前状态是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
