ASP.NET无法正确处理逗号分隔的Cookie [英] ASP.NET fails to correctly handle comma delimited cookies

问题描述

根据 RFC ，CookieHTTP标头中的个别Cookie由逗号和分号分隔。但是，ASP.NET不会正确解析逗号分隔符 - 它不会将逗号作为分隔符，而是将其视为值的一部分。

示例
如果客户端发送标头 Cookie：a = b，c = d ，那么ASP.NET应用程序将只看到一个名为作为特殊情况，同样的事情发生在客户端发送多个Cookie头（每个cookie为一个cookie）时，将所有Cookie组合在一个标头中。从HTTP的角度来看，这是完全有效的，在这种情况下，头的有效值应该是所有其实例的值的连接，以逗号分隔。

知道一个解决方法（或也许一个修复？）为此？我绝对需要得到这个工作，因为我不控制客户端。

具有讽刺意味的是，根据这个线程，.NET内置的HTTP客户端（又名HttpWebRequest）行为恰恰相反，也导致了问题。 ： - ）

解决方案

我认为最简单的解决方案是获得所需的行为（不管标准正确性）是创建一个HttpModule它将正确解析来自HttpContext.Request.Headers的此信息，并将更正的信息放在HttpContext.Request.Cookies中。

According to the RFC, individual cookies in the "Cookie" HTTP header may be separated by commas as well as by semicolons. However, ASP.NET does not parse the commas case correctly - it does not count comma as a separator, but considers it just part of the value.

For example If a client sends header Cookie: a=b, c=d, then the ASP.NET application will see just one cookie named "a" with value "b, c=d".

As a special case, the same thing happens when the client sends several Cookie headers (one for each cookie) instead of combining all cookies in one header. From HTTP perspective, this is completely valid, and in such case the effective value of the header should be concatenation of the values of all its instances separated by commas.

Does anybody know a workaround (or maybe a fix?) for this? I absolutely need to get this working, because I don't control the client.

P.S. It is ironic that, according to this thread, the .NET built-in HTTP client's (aka HttpWebRequest) behavior is just the opposite, and also causes problems. :-)

解决方案

I believe the simplest solution to getting the behavior desired (regardless of standards correctness) would be to create an HttpModule that would correctly parse this information from the HttpContext.Request.Headers and place corrected information in HttpContext.Request.Cookies.

这篇关于ASP.NET无法正确处理逗号分隔的Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！