奇怪的未设置cookie问题
我在通过 PHP 清除 Cookie 时遇到一个奇怪的问题。
假设我有一个域名 neobie.net 我将“记住用户登录”cookie 名称存储为“USER_INFO”,其中包含用于在下次重新访问时识别用户登录的字符串。
现在使用 Firefox,我看到我有 2 个 cookie USER_INFO,域名为“www.neobie.net”和“.neobie.net”,过期日期为 1 周后。
我编写了一个logout.php脚本,它清除不同域(.neobie.net、www.neobie.net、neobie.net)的cookie,以确保不同域的USER_INFO cookie被完全清除。
现在是问题所在。 当用户访问 logout.php 时,用户无法清除 cookie
我发现,我必须手动删除域为“www.neobie.net”的 cookie,留下“.neobie” .net”完好无损,那么只能清除cookie。
因此,我必须使 php 脚本在“.neobie.net”上设置 cookie USER_INFO,并阻止它在“www.neobie.net”上设置 cookie 以使 logout.php 脚本正常工作。
但我不明白为什么我无法清除“www.neobie.net”的cookie(带前导www.,在firefox和chrome上测试)
I have a strange problem to clear Cookie via PHP.
Lets say if I have a domain neobie.net
I store "remember user login" cookie name as "USER_INFO" which contains string to identify user login in the next time of revisit.
now using firefox, I saw that I have 2 cookies USER_INFO with domain "www.neobie.net" and ".neobie.net" with expiration date of 1 week later.
I wrote a logout.php script, which clear the cookie of different domain (.neobie.net, www.neobie.net, neobie.net) to ensure that USER_INFO cookie is completely cleared for different domain.
Now is the problem.
The user isn't able to clear the cookie when user visit logout.php
I found out that, I have to manually delete the cookie with domain "www.neobie.net", leaving the ".neobie.net " intact, then only the cookie can be cleared.
So, I have to make the php script to setcookie USER_INFO on ".neobie.net", and prevent it to set cookie on "www.neobie.net" to make the logout.php script work.
But I don't understand why I couldn't clear the cookie for "www.neobie.net" (with leading www. , tested on firefox and chrome)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您有重叠的 cookie 域。 www.neobie.net 将接收 .neobie.net 上设置的 cookie。因此无需在两个域上设置相同的 cookie。
如果您的注销 URL 以 http://www.neobie.net 开头,您应该能够清除 cookie www.neobie.net 域名。 HTTP 标头跟踪会有所帮助。
You have overlapping cookie domains. www.neobie.net will receive cookies set on the .neobie.net. So there is no need to set the same cookie on both domains.
If your logout URL starts with http://www.neobie.net, you should be able to clear cookies on www.neobie.net domain. A HTTP header trace will help.