subdomain.example.com 可以设置一个可由 example.com 读取的 cookie 吗?
我简直不敢相信这很难确定。
即使阅读了 RFC,我也不清楚 subdomain.example.com 上的服务器是否可以设置可由 example.com 读取的 cookie。
subdomain.example.com可以设置Domain属性为.example.com的cookie。 RFC 2965 似乎明确指出这样的 cookie 不会发送到 example.com,但同样表示如果您设置 Domain=example.com,则会在前面添加一个点,就像您说 .example.com 一样。总而言之,这似乎是说,如果 example.com 返回设置了一个带有 Domain=example.com 的 cookie,它不会取回该 cookie!那是不对的。
谁能澄清规则的真正含义是什么?
I simply cannot believe this is quite so hard to determine.
Even having read the RFCs, it's not clear to me if a server at subdomain.example.com can set a cookie that can be read by example.com.
subdomain.example.com can set a cookie whose Domain attribute is .example.com. RFC 2965 seems to explicitly state that such a cookie will not be sent to example.com, but then equally says that if you set Domain=example.com, a dot is prepended, as if you said .example.com. Taken together, this seems to say that if example.com returns sets a cookie with Domain=example.com, it doesn't get that cookie back! That can't be right.
Can anyone clarify what the rules really are?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是。
如果您确保指定域为 .example.com,则 *.example.com 和 example.com 可以访问它。
正是这一原则允许在有人访问 www.website.com 时发出 cookie 的网站在有人离开时访问 cookie离开 www,转至 website.com。
编辑:来自关于 cookie 的 PHP 文档:
这并不是 PHP 独有的。
Yes.
If you make sure to specify that the domain is .example.com, then *.example.com and example.com can access it.
It's that principle that allows websites that issue cookies when somebody goes to www.website.com to access cookies when someone leaves off the www, going to website.com.
EDIT: From the PHP documentation about cookies:
And it's not unique to PHP.