Google Chrome浏览器Cookie - HTTP& HTTPS [英] Google Chrome Cookies - HTTP & HTTPS

问题描述

我有一个网站将www.example.com用于标准网页，并将secure.example.com用于HTTPS。
我试图设置一个cookie，当用户登录，将有效的HTTP&网站的HTTPS版本。

I have a site that uses www.example.com for standard pages and secure.example.com for HTTPS. I am trying to set a cookie when user logs in that will be valid on both the HTTP & HTTPS versions of the site.

我这样做是通过将路径设置为/和域到.example.com。这在Firefox和Internet Explorer中工作正常，但在Chrome中，Cookie仅在设置的网站版本上有效（ http://www.example.com 或 https://secure.example.com ）

I am doing this by setting path to "/" and domain to ".example.com". This works fine in Firefox and Internet Explorer, but in Chrome the cookie is only working on the version of the site where it was set (http://www.example.com or https://secure.example.com)

这是一个错误还是我做错了什么？如果是错误，是否有解决方法？

Is this a bug or am I doing something wrong? If it's a bug is there a workaround?

Cookie由标头中的PHP设置。

The cookie is being set by PHP in headers.

setcookie("login",base64_encode($email."::".md5($password)),2840184012,"/",".example.com");

推荐答案

您不能同时为HTTP和HTTPS同一时间。您需要设置两个单独的Cookie，一个用于HTTP，另一个用于HTTPS：

You cannot set a cookie for both HTTP and HTTPS at the same time. You need to set two separate cookies, one for HTTP and one for HTTPS:

setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com");
setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com", true);

只有在 https://secure.example.com ，因为您只能通过HTTPS设置安全Cookie。

This does only work if you set the cookies in https://secure.example.com as you can only set secure cookies via HTTPS.

哦，顺便说一句：不是将认证信息存储在cookie中！请改用一次有效的验证凭证。

Oh, and by the way: Do not store the authentication information in a cookie! Use a once valid authentication token instead.

这篇关于Google Chrome浏览器Cookie - HTTP& HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！