有效Cookie值的明确指南 [英] Definite guide to valid Cookie values

问题描述

我知道还有其他问题，但他们似乎有答案是假设而不是确定。

I know there are other questions but they seem to have answers which are assumptions rather than being definitive.

我有限的理解是cookie值是：

My limited understanding is that cookie values are:

• 分号已被用于分隔单个cookie中的cookie属性。


• 等于符号用于单独的cookie名称和值


• 冒号用于分隔标题中的多个Cookie。

还有其他特殊字符吗？

Are there any other "special" characters ?

其他一些q / a建议一个base64对值进行编码，但这当然可能包括等于当然无效的等号。

Some other q/a suggest that one base64 encodes the value but this does of course may include equals signs which of course are not valid.

我也看到了一些建议，可能会引用这些值，但会导致其他问题。

i have also seen some suggestions that values may be quoted this however leads to other questions.

• 需要引用特殊字符？


• do quoted values支持通常的反斜杠转义机制。

RFC
我读了一些RFC，包括许多cookie RFCS中的一些，但我仍然不确定是否存在对另一个RFC等的交叉引用，没有明确的简单解释或回答我的查询的样本。

RFC I read a few RFCs including some of the many cookie RFCS but i am still unsure as there is cross reference to another RFC etc with no definitive simple explaination or sample that "answers" my query.

希望没有人会说读取RFC，因为问题变成了哪个RFC ......

我想我也读到不同的浏览器规则略有不同，所以如果这很重要，请在答案中注明。

I think i have also read that different browsers have slightly different rules so hopefully please note this in your answers if this matters.

推荐答案

最新的RFC是 6265 ，它声明以前的Cookie RFC已经过时。

The latest RFC is 6265, and it states that previous Cookie RFCs are obsoleted.

以下是RFC中的语法规则：

Here's what the syntax rules in the RFC say:

 cookie-pair       = cookie-name "=" cookie-value
 cookie-name       = token
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash

因此：

• 特殊字符是空格字符，双引号，逗号，分号和反斜杠。等号不是特殊字符。

• The special characters are white-space characters, double quote, comma, semicolon and backslash. Equals is not a special character.

特殊字符根本不能使用，但双引号可以包围该值。

The special characters cannot be used at all, with the exception that double quotes may surround the value.

不能引用特殊字符。

反斜杠不能作为转义。

接下来可以使用base-64编码，因为equals并不特殊。

It follows that base-64 encoding can be used, because equals is not special.

最后，据我所知，定义了RFC 6265 cookie值，以便它们可以与任何实现任何Cookie RFC的浏览器一起使用。但是，如果您尝试使用不符合RFC 6265的cookie值（但可以说确实符合早期的RFC），您可能会发现cookie行为因浏览器而异。

Finally, from what I can tell, the RFC 6265 cookie values are defined so that they will work with any browser that implements any of the Cookie RFCs. However, if you tried to use cookie values that don't conform to RFC 6265 (but do arguably do conform to earlier RFCs), you may find that cookie behavior varies with different browsers.

简而言之，符合RFC 6265的字母，你应该没问题。

In short, conform to the letter of RFC 6265 and you should be fine.

这篇关于有效Cookie值的明确指南的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！