如何在IE8中为双字母域设置cookie？ [英] How to set cookies for two-letter domains in IE8?

问题描述

因为将短域名与TLD区分开来并非易事，。

与您的问题最相关的是Q6：

IE不会为某些域设置cookie，例如 http： //xx.yy ？

正确。我们的想法是，您不能在无关组织共享的顶级
域上设置cookie。从历史上看，
格式xx.yy的ccTLD是有效的TLD，因此可能不会对其设置cookie。
虽然这种启发式方法从来都不是完美的，但它的价格在15美元以上不变，因此不太可能很快改变。这个问题的
复杂性值得一篇很长的博客文章发表自己的文章— 查看此
帖子。

其他有趣的花絮：

IE的cookie代码似乎不支持
RFC2109中的定义或RFC2965。

Internet Explorer（包括IE8）不会尝试为cookie支持任何RFC
。 WinINET（IE下面的网络堆栈）具有基于RFC之前的RFC Netscape草案规范的cookie实现。

如果我没有指定一个前导点设置DOMAIN属性时，IE
不关心？

正确。所有当前版本的浏览器（Chrome，FF，Opera等）似乎都将前导点视为隐式

来自 Microsoft支持（影响IE 6.0,7.0和8.0）：

< blockquote>

症状：用户从 http：// servername打开网页.xxx.yy 。该地址的网站设置一个cookie并指定xxx.yy作为该cookie的域。但是，Internet Explorer不保存cookie信息。

原因：出于安全原因，Internet Explorer不保存xxx等域的cookie数据.yy，其中.yy是双字母国家/地区代码域，三个字母xxx是通用顶级域名之一：com，edu，gov，int，mil，net或org。此表单的域被视为顶级域，实际上是通用顶级域的国家/地区特定版本。出于安全原因，wininet会阻止为此类域设置Cookie。在这种情况下，xxx.yy实际上是顶级域名，并且受到与.com相同的保护。

分辨率：此行为是设计使然。

Because it's not trivial to tell short domain names apart from TLDs, Microsoft maintains a list of special cases for IE8. The list can be found in res://urlmon.dll/ietldlist.xml.

However, I don't understand how to actually make use of that list. Even the privileged two-letter domains that are listed seem to misbehave.

For example, the domain cn.ca can be found on the list. But here's what I get in IE8's javascript console:

The same method works perfectly on a longer domain, such as stackoverflow.com (I cleared my cookies before this example to avoid unrelated noise):

Is the list of special cases actually broken, or do I simply misunderstand its purpose? Is there any way to set cookies (not limited to a subdomain) for short domains in IE8?

解决方案

No good info in the documentation. However, I found a good write up on this in an MSDN blog post.

Most relevant to your question is Q6:

IE won’t set a cookie for certain domains, like those of the format http://xx.yy?

Correct. The idea is that you may not set a cookie on a "top-level" domain shared by unrelated organizations. Historically, ccTLDs of the format xx.yy were effective TLDs, so cookies may not be set on them. While this heuristic was never perfect, it's been unchanged for over 15 years and hence is not likely to change any time soon. The intricacy of this issue merits a long blog post all its own—see this post.

Other interesting tidbits:

IE's cookie code doesn't seem to support as defined in RFC2109 or RFC2965.

Internet Explorer (including IE8) does not attempt to support any RFC for cookies. WinINET (the network stack below IE) has cookie implementation based on the pre-RFC Netscape draft spec for cookies.

If I don’t specify a leading dot when setting the DOMAIN attribute, IE doesn’t care?

Correct. All current version browsers (Chrome, FF, Opera, etc) seem to treat a leading dot as implicit

From Microsoft Support (Affects IE 6.0, 7.0, and 8.0) :

Symptoms: A user opens a webpage from http://servername.xxx.yy. The web site at that address sets a cookie and specifies "xxx.yy" as the domain for that cookie. However, Internet Explorer does not save the cookie information.

Cause: For security reasons, Internet Explorer does not save cookie data for domains like xxx.yy, where .yy is a two-letter country code domain and the three letters xxx are one of the generic top level domain names: com, edu, gov, int, mil, net, or org. Domains of this form are treated as top level domains, effectively a country-specific version of the generic top level domain. For security reasons, wininet prevents setting cookies for such domains. In this case, xxx.yy is effectively a top level domain, and is protected in the same way as ".com" would be.

Resolution: This behavior is by design.

这篇关于如何在IE8中为双字母域设置cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！