set-cookie 似乎被 Chrome 忽略了,但 IE 却没有?奇怪的过期问题? 302 重定向?天哪,你们大家
我正在使用与此类似的代码通过 ASP.NET 设置一个带有过期日期的 cookie,
System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(1, uname, DateTime.UtcNow, DateTime.UtcNow.AddDays(30), bool_persist, "some custom string data here");
string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);
HttpCookie auth_cookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);
auth_cookie.HttpOnly = true;
if (persist) //passed in to method as parameter
{
auth_cookie.Expires = DateTime.UtcNow.AddDays(30);
}
auth_cookie.Domain = ".mydomainname.com";
Response.Cookies.Set(auth_cookie);
我还在同一个请求中另外设置了另一个 cookie 以保留一些其他数据,然后重定向到另一个页面。
在对 /redirect_to_this_page 的请求上,响应中包含以下标头
HTTP/1.1 302 Found
Location: /redirect_to_this_page
Set-Cookie:.myAuthCookie=TRUNCATED_ENCRYPTED_DATA_FOR_READABILITY; domain=.mydomainname.com; expires=Sun, 27-Nov-2011 20:27:16 GMT; path=/; HttpOnly
Set-Cookie:__MyOtherCookie=; domain=full.mydomainname.com; expires=Thu, 28-Oct-2010 20:27:24 GMT; path=/; HttpOnly
,由于某种原因,我没有看到标头被发送。
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:__utma=113888769.1619895090.1322774580.1322774580.1322774580.1; __utmb=113888769.5.8.1322774827282; __utmc=113888769; __utmz=113888769.1319833259.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=
Host:full.mydomainname.com
Referer:http://full.mydomainname.com/referring_page_that_set_cookies
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2
有什么想法如何解决这个问题吗?每个请求都会设置 __MyOtherCookie。
谢谢
穆斯塔法
编辑
一些发现: IE9运行正常。 如果 Cookie 有过期日期,Chrome 在获取 Set-Cookie 标头后不会设置 Cookie。
因此,如果我发送没有过期的 cookie(因此浏览器将其视为会话 cookie,在浏览器关闭时将其杀死),则 cookie 始终会正确设置,并且所有请求都包含正确的 cookie。
用乔恩·斯图尔特的话来说......哇?
I'm setting a cookie with an expiration date via ASP.NET using code similar to this
System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(1, uname, DateTime.UtcNow, DateTime.UtcNow.AddDays(30), bool_persist, "some custom string data here");
string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);
HttpCookie auth_cookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);
auth_cookie.HttpOnly = true;
if (persist) //passed in to method as parameter
{
auth_cookie.Expires = DateTime.UtcNow.AddDays(30);
}
auth_cookie.Domain = ".mydomainname.com";
Response.Cookies.Set(auth_cookie);
I am additionally setting another cookie in the same request to persist some other data then I redirect to another page.
The following header comes through on the response
HTTP/1.1 302 Found
Location: /redirect_to_this_page
Set-Cookie:.myAuthCookie=TRUNCATED_ENCRYPTED_DATA_FOR_READABILITY; domain=.mydomainname.com; expires=Sun, 27-Nov-2011 20:27:16 GMT; path=/; HttpOnly
Set-Cookie:__MyOtherCookie=; domain=full.mydomainname.com; expires=Thu, 28-Oct-2010 20:27:24 GMT; path=/; HttpOnly
On the request for the /redirect_to_this_page, I don't see the header being sent for some reason.
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:__utma=113888769.1619895090.1322774580.1322774580.1322774580.1; __utmb=113888769.5.8.1322774827282; __utmc=113888769; __utmz=113888769.1319833259.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=
Host:full.mydomainname.com
Referer:http://full.mydomainname.com/referring_page_that_set_cookies
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2
Any ideas how to solve this issue? The __MyOtherCookie gets set on every request.
Thanks
Mustafa
EDIT
Some discoveries:
IE9 works properly.
Chrome does not set the cookie after getting the Set-Cookie header if it has an expiration date.
So if I send the cookie without an expiration (so it gets treated like a session cookie by the browser, killed when the browser is closed), the cookie is always set properly and all requests contain the correct cookie.
In the words of Jon Stewart.... Whaaa?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
我们在 Chrome(版本 21.0.1180)上遇到了同样的问题。尽管我们在标头上看到了过期日期,但 Windows XP 中的某些 Chrome 忽略了它。然后我们删除了过期日期,Chrome 接受了保留会话 cookie,没有任何问题。
We had the same issue with Chrome (version 21.0.1180). Despite that we see expiration date on Header, some Chrome in Windows XP ignored it. Then we removed the Expiration Date and Chrome accepted keep the session cookie without problems.
当我们将代码从一台服务器移动到另一台服务器时,我们也遇到了类似的症状。当登录成功时,我们的登录将在重定向上设置一个过期的 cookie。在新服务器上,Firefox 工作正常,但 Chrome 和 Safari 失败了(我没有尝试 IE)。一切都在旧服务器上运行。在比较了两种情况的标头/响应后,我发现新服务器上的服务器时间已设置,因此设置 cookie 时,cookie 过期中提供的时间已经过去了!
我们提供的是不新鲜的饼干。
在新服务器上正确设置时间使其正常工作。
假设:FF 有效,因为它将过期时间戳与响应标头的 Date: 值进行比较 - 其他两个必须使用本地计算机的操作系统时间?
We had similar symptoms when moving our code from one server to another. Our login would set an expiring cookie on a redirect when login was successful. On the new server Firefox worked fine but Chrome and Safari failed (I didn't try IE). All worked on the old server. After comparing the headers/responses of two cases, I discovered the server time on the new server was set so that the time provided in the cookie expiration had already passed when the cookie was set!
We were serving stale cookies.
Setting the time properly on the new server made it work.
Assumption: FF works because it compares the expiration timestamp with the response header's Date: value - the other two must use the local machine's OS time?
我们有同样的症状。事实证明,即使服务器上的日期/时间设置正确,IIS 也会将 HTTP 日期标头中的错误日期返回给浏览器。 IISRESET 没有帮助,需要完全重新启动服务器才能修复它。
更新:或使用此方法重置日期:https://serverfault.com/a/217348
We had the same symptoms. It turned out that IIS was returning the wrong date in an HTTP Date header to the browser even though the date/time was set correctly on the server. IISRESET didn't help, it took a full server reboot to fix it.
Update: or use this method to reset the date: https://serverfault.com/a/217348
从您的自定义 cookie 中删除域,然后重试。
如果你想在所有子域中使用 cookie cookie 中的域名必须与开头带有点的域匹配,查看你的标头它不匹配:
服务器响应有:
请求有:
或者可能与 safari bug 有关Safari 不设置 Cookie,但IE / FF 可以
Remove domain from your custom cookie and try again.
If you want to use cookie across all subdomains domain name in cookie must match domain with dot at the beggining, looking at your headers it doesn't match:
Server response has:
request has:
Or maybe it's has something to do with that safari bug Safari doesn't set Cookie but IE / FF does
为什么使用点作为“.myAuthCookie”的 cookie 名称前缀?根据 RFC 它被视为分隔符。
Why are you using a dot as cookie name prefix for ".myAuthCookie"? As per RFC it is treated as a separator.