cookie domain and cookie path
Published: 2019-06-15


Domain=<domain-value> Optional

Specifies those hosts to which the cookie will be sent.

If not specified, defaults to the host portion of the current document location (but not including subdomains).

Contrary to earlier specifications, leading dots in domain names are ignored.

If a domain is specified, subdomains are always included.

 

Path=<path-value> Optional

Indicates a URL path that must exist in the requested resource before sending the Cookie header.

The %x2F ("/") character is interpreted as a directory separator, and subdirectories are matched as well (e.g. with Path=/docs, the paths "/docs", "/docs/Web/" and "/docs/Web/HTTP" will all be matched).

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Scope of cookies

The Domain and Path directives define the scope of the cookie: what URLs the cookies should be sent to.

Domain specifies allowed hosts to receive the cookie.

If unspecified, it defaults to the host of the current document location, excluding subdomains.

If Domain is specified, then subdomains are always included.

 

For example, if Domain=mozilla.org is set, then cookies are included on subdomains like developer.mozilla.org.

Path indicates a URL path that must exist in the requested URL in order to send the Cookie header. The %x2F ("/") character is considered a directory separator, and subdirectories will match as well.

For example, if Path=/docs is set, these paths will match:

  • /docs
  • /docs/Web/
  • /docs/Web/HTTP

Subdomain

A subdomain is a domain that is part of a larger domain; the only domain that is not also a subdomain is the root domain.

For example, west.example.com and east.example.com are subdomains of the example.com domain, which in turn is a subdomain of the com top-level domain (TLD).

A "subdomain" expresses relative dependence, not absolute dependence: for example, wikipedia.org comprises a subdomain of the org domain, and en.wikipedia.org comprises a subdomain of the domain wikipedia.org.

https://en.wikipedia.org/wiki/HTTP_cookie

Cookie attributes

In addition to a name and value, cookies can also have one or more attributes.

Browsers do not include cookie attributes in requests to the server—they only send the cookie's name and value.

Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie to the server.

Domain and path

The Domain and Path attributes define the scope of the cookie. They essentially tell the browser what website the cookie belongs to. For obvious security reasons, cookies can only be set on the current resource's top domain and its sub domains, and not for another domain and its sub domains.

For example, the website example.org cannot set a cookie that has a domain of foo.com because this would allow the example.org website to control the cookies of foo.com.

 

If a cookie's Domain and Path attributes are not specified by the server, they default to the domain and path of the resource that was requested. However, in most browsers there is a difference between a cookie set from foo.com without a domain, and a cookie set with the foo.com domain. In the former case, the cookie will only be sent for requests to foo.com, also known as a host-only cookie. In the latter case, all sub domains are also included (for example, docs.foo.com). A notable exception to this general rule is Internet Explorer, which always sends cookies to sub domains regardless of whether the cookie was set with or without a domain.

Below is an example of some Set-Cookie HTTP response headers that are sent from a website after a user logged in. The HTTP request was sent to a webpage within the docs.foo.com subdomain:

    HTTP/1.0 200 OK
    Set-Cookie: LSID=DQAAAK…Eaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly
    Set-Cookie: HSID=AYQEVn…DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly
    Set-Cookie: SSID=Ap4P…GTEq; Domain=foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly
    …

The first cookie, LSID, has no Domain attribute, and has a Path attribute set to /accounts. This tells the browser to use the cookie only when requesting pages contained in docs.foo.com/accounts (the domain is derived from the request domain).

The other two cookies, HSID and SSID, would be used when the browser requests any subdomain in .foo.com on any path (for example www.foo.com/bar). The prepending dot is optional in recent standards, but can be added for compatibility with implementations based on earlier specifications.
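The scoping rules above, applied to the three Set-Cookie headers of the example, as added JavaScript (Node.js) code that is not part of the original post or of the quoted MDN and Wikipedia text. The function names are hypothetical, the cookie values are constructed, and the request that set the cookies is assumed to be https://docs.foo.com/accounts/login.

```javascript
// Added example; models only Domain and Path (no Secure, Expires or public-suffix check).
// Default path: the request path up to, not including, its last "/".
function defaultPath(pathname) {
  const i = pathname.lastIndexOf('/');
  return i <= 0 ? '/' : pathname.slice(0, i);
}
// Host-only cookies need the exact host; Domain cookies also cover subdomains.
function domainMatch(host, cookie) {
  return host === cookie.domain ||
    (!cookie.hostOnly && host.endsWith('.' + cookie.domain));
}
// "/docs" matches "/docs" and "/docs/Web/", but not "/docsearch".
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  return reqPath.startsWith(cookiePath) &&
    (cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/');
}
// Returns the stored cookie, or null when Domain does not cover the setting host.
function parseSetCookie(header, requestUrl) {
  const url = new URL(requestUrl);
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], domain: url.hostname,
    hostOnly: true, path: defaultPath(url.pathname) };
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq < 0 ? attr : attr.slice(0, eq)).toLowerCase();
    const val = eq < 0 ? '' : attr.slice(eq + 1);
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase(); // leading dot ignored
      cookie.hostOnly = false;
    } else if (key === 'path' && val.startsWith('/')) {
      cookie.path = val;
    }
  }
  return domainMatch(url.hostname, cookie) ? cookie : null;
}
// Names of the cookies a browser would attach to a request for requestUrl.
function cookiesFor(requestUrl, jar) {
  const url = new URL(requestUrl);
  return jar.filter((c) => domainMatch(url.hostname, c) &&
    pathMatch(url.pathname, c.path)).map((c) => c.name);
}
// The page's three headers with constructed values, as set by docs.foo.com.
const jar = [
  'LSID=constructed-1; Path=/accounts; Secure; HttpOnly',
  'HSID=constructed-2; Domain=.foo.com; Path=/; HttpOnly',
  'SSID=constructed-3; Domain=foo.com; Path=/; Secure; HttpOnly',
].map((h) => parseSetCookie(h, 'https://docs.foo.com/accounts/login')).filter(Boolean);
console.log(cookiesFor('https://www.foo.com/bar', jar));
```

Requests to docs.foo.com/accountsettings or to notfoo.com show the two boundary checks: the path must end at a "/" boundary and the host must end at a "." boundary, so neither receives LSID and the second receives no cookie at all.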

 

Reposted from: https://www.cnblogs.com/chucklu/p/8989609.html
