静态无 Cookie 域

发布于 2024-11-08 13:48:34 字数 826 浏览 4 评论 0原文

有人可以向我解释如何设置 cookieless 域吗? 关于这个问题的帖子很多,但我还是很困惑。

我知道传输静态资源的会话信息是沉重的负担,并且希望消除这种开销。我的困惑可能在于实现这种方案是

  • 客户端
  • 配置还是服务器
  • 配置还是两者兼而有之。

假设用户登录到一个站点(并且登录详细信息存储在 cookie 中):

  • 在 HTTP 数据包中,cookie 与要呈现的页面一起设置
  • 当浏览器解释页面并在标头中遇到对静态资源的引用时,
    • 浏览器生成新的 HTTP 请求来获取这些资源
    • 默认情况下将 cookie 与这些请求一起发送
    • 如何指示浏览器不要对这些资源执行此操作?

实现此场景的实际方法是设置“静态域”。

  • 这只是另一个域或子域:
    • 可以引用原始域中的资源,或保留副本
    • 并且不会包含任何脚本,例如index.php
    • 并且会有一个 .htaccess 来防止目录浏览
  • 这个“静态”是否有重要属性我缺少的子域?
    • CNAME 记录怎么了?
    • 有没有办法将域配置为不接受 Cookie?
    • 即使有,浏览器如何知道哪些域应发送 Cookie,哪些域不发送?

很多问题。我在这里遗漏了一些重要的东西。希望有人能帮忙。

我正在使用 codeigniter 开发一个网站,如果它有所作为的话。 我使用的网络服务器是 cPanel 驱动的 Apache 服务器。

Can someone explain to me how to set up cookieless domain?
There are many posts regarding this matter, but I'm still confused.

I understand that transmitting session information for static resources is dead weight, and want to eliminate this overhead. My confusion probably lies in whether implementing this scenario, is a configuration of the

  • client
  • the server
  • or both.

Suppose the user logs into a site (and the login details are stored in a cookie):

  • In the HTTP packet, the cookie is set along with the page to render
  • When the browser interprets the page, and encounters references to static resources in the header,
    • the browser generates new HTTP requests to fetch those resources
    • and by default sends the cookie along with those requests
    • how could I instruct the browser not to do so for these resources?

The defacto method of implementing this scenario is to set up a 'static domain'.

  • Which is simply another domain or a sub-domain:
    • which could reference the resources in the original domain, or keep a duplicate
    • and would be void of any scripts, like an index.php
    • and would have an .htaccess to prevent directory browsing
  • Is there crucial property of this 'static' subdomain that I'm missing?
    • What's up with the CNAME record?
    • Is there a way of configuring a domain to not accept cookies?
    • Even if there is, how would the browser know which domains to send cookies to, and which ones not to?

Lots of questions. I'm missing something crucial here. Hope someone can help.

I'm developing a site with codeigniter, if it makes a difference.
And the webserver I'm using is a cPanel driven Apache server.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

幻梦 2024-11-15 13:48:34

无 cookie 域基本上是特定 cookie 无效的域。 HTTP cookie 可以限制到特定域(或超级域及其子域),您应该选择该域,以便它与无 cookie 的域不匹配。

为此,您需要知道如何解释 Domain 属性值:

  • 如果缺少 Domain 属性,则 Cookie 仅对指定的域有效。
  • 如果存在 Domain 属性,其值必须以 . 开头,其有效域值是不带前导 Domain 属性值. 及其所有子域。

A cookie-less domain is basically a domain that a specific cookie is not valid for. As HTTP cookies can be limited to a specific domain (or super-domain and its sub-domains), you should choose that domain so that it doesn’t match the cookie-less domain.

To do that you need to know how the Domain attribute value is interpreted:

  • If the Domain attribute is missing, a cookie is only valid for the domain it was specified in.
  • If the Domain attribute is present, its value must begin with a . and its effective domain value is the Domain attribute value without the leading . and all its sub-domains.
寄人书 2024-11-15 13:48:34

Cookie 有一个关联的域。您应该确保您设置的 cookie 的域与您的静态域不匹配。

http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path

Cookies have an associated domain. You should ensure that the cookies you set have a domain that will not match the domain of your static domain.

http://en.wikipedia.org/wiki/HTTP_cookie#Domain_and_Path

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文