Вопрос по http – Как работают куки-файлы браузера?

320

Из-за странных проблем с файлами / поддоменами, которые я получаю, мне хотелось бы узнать, как браузеры обрабатывают файлы cookie. Если они делают это по-разному, было бы также хорошо узнать различия.

Другими словами - когда браузер получает cookie, этот cookie МОЖЕТ иметь домен и привязанный к нему путь. Или нет, в этом случае браузер, вероятно, заменяет некоторые значения по умолчанию для них. Вопрос 1: что это?

Позже, когда браузер собирается сделать запрос, он проверяет свои куки и отфильтровывает те, которые он должен отправить для этого запроса. Это делается путем сопоставления их с путем запросов и доменом. Вопрос 2: каковы правила соответствия?


Added:

Причина, по которой я спрашиваю об этом, заключается в том, что я заинтересован в некоторых крайних случаях. Подобно:

  • Will a cookie for .example.com be available for www.example.com?
  • Will a cookie for .example.com be available for example.com?
  • Will a cookie for example.com be available for www.example.com?
  • Will a cookie for example.com be available for anotherexample.com?
  • Will www.example.com be able to set cookie for example.com?
  • Will www.example.com be able to set cookie for www2.example.com?
  • Will www.example.com be able to set cookie for .com?
  • Etc.

Added 2:

Кроме того, кто-то может подсказать, как мне установить cookie, чтобы:

  • It can be set by either www.example.com or example.com;
  • It is accessible by both www.example.com and example.com.

Ваш Ответ

8   ответов
91

Error: User Rate Limit Exceeded

Error: User Rate Limit ExceededError: User Rate Limit ExceededError: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

  • The origin domain of a cookie is the domain of the originating request.

  • If the origin domain is an IP, the cookie's domain attribute must not be set.

  • If a cookie's domain attribute is not set, the cookie is only applicable to its origin domain.

  • If a cookie's domain attribute is set,

    • the cookie is applicable to that domain and all its subdomains;
    • the cookie's domain must be the same as, or a parent of, the origin domain
    • the cookie's domain must not be a TLD, a public suffix, or a parent of a public suffix.

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded.foo.comError: User Rate Limit Exceededfoo.com

Error: User Rate Limit Exceeded

  • x.y.z.com can set a cookie domain to itself or parents - x.y.z.com, y.z.com, z.com. But not com, which is a public suffix.
  • a cookie with domain=y.z.com is applicable to y.z.com, x.y.z.com, a.x.y.z.com etc.

Error: User Rate Limit Exceededcom, edu, uk, co.uk, blogspot.com, compute.amazonaws.com

Error: User Rate Limit Exceededx.y.z.comError: User Rate Limit Exceededz.com ?
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
319

Error: User Rate Limit ExceededError: User Rate Limit Exceeded (Set-Cookie2Error: User Rate Limit ExceededError: User Rate Limit ExceededError: User Rate Limit ExceededshouldError: User Rate Limit ExceededError: User Rate Limit Exceeded.

Error: User Rate Limit ExceededDomainError: User Rate Limit ExceededSet-CookieError: User Rate Limit Exceeded

  • If the Set-Cookie header field does not have a Domain attribute, the effective domain is the domain of the request.
  • If there is a Domain attribute present, its value will be used as effective domain (if the value does not start with a . it will be added by the client).

Error: User Rate Limit ExceededError: User Rate Limit ExceededError: User Rate Limit Exceeded


Error: User Rate Limit Exceeded

  • Cookie with Domain=.example.com will be available for www.example.com
  • Cookie with Domain=.example.com will be available for example.com
  • Cookie with Domain=example.com will be converted to .example.com and thus will also be available for www.example.com
  • Cookie with Domain=example.com will not be available for anotherexample.com
  • www.example.com will be able to set cookie for example.com
  • www.example.com will not be able to set cookie for www2.example.com
  • www.example.com will not be able to set cookie for .com

Error: User Rate Limit Exceededwww.example.comError: User Rate Limit Exceededexample.comError: User Rate Limit Exceeded.www.example.comError: User Rate Limit Exceeded.example.comError: User Rate Limit Exceeded.www.example.comError: User Rate Limit Exceededfoo.www.example.comError: User Rate Limit Exceededbar.www.example.comError: User Rate Limit Exceeded.example.comError: User Rate Limit Exceededexample.comError: User Rate Limit Exceededfoo.example.comError: User Rate Limit Exceededbar.example.com).

Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceededmy answerError: User Rate Limit Exceeded
veryError: User Rate Limit Exceededwebmasters.stackexchange.com/questions/55790/…Error: User Rate Limit Exceeded
5

Error: User Rate Limit Exceeded

Error: User Rate Limit ExceededError: User Rate Limit Exceededorigin serverError: User Rate Limit ExceededwarningError: User Rate Limit Exceededexample.comError: User Rate Limit Exceeded

Error: User Rate Limit ExceededError: User Rate Limit Exceeded.

Error: User Rate Limit Exceeded

  • cookie attribute Domain=.example.com is equivalent to Domain=example.com
  • cookies with such Domain attributes will be available for example.com and www.example.com
  • cookies with such Domain attributes will be not available for another-example.com
  • specifying cookie attribute like Domain=www.example.com will close the way for www4.example.com

Error: User Rate Limit Exceeded

2

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceededz.comError: User Rate Limit Exceededz.comError: User Rate Limit ExceededallError: User Rate Limit Exceeded
3

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit ExceededError: User Rate Limit Exceeded

1

Will www.example.com be able to set cookie for .com?

Error: User Rate Limit Exceededexample.com.frError: User Rate Limit Exceededexample2.com.frError: User Rate Limit ExceededError: User Rate Limit Exceeded

Error: User Rate Limit Exceededo2.ieError: User Rate Limit Exceededo2online.ieError: User Rate Limit Exceeded

Error: User Rate Limit Exceededpublicsuffix.org
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
Error: User Rate Limit Exceeded
7

Error: User Rate Limit ExceededError: User Rate Limit ExceededError: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Error: User Rate Limit Exceeded


Response to Added:

  • Will a cookie for .example.com be available for www.example.com? Yes
  • Will a cookie for .example.com be available for example.com? Don't Know
  • Will a cookie for example.com be available for www.example.com? Shouldn't but... *
  • Will a cookie for example.com be available fo,r anotherexample.com? No
  • Will www.example.com be able to set cookie for example.com? Yes
  • Will www.example.com be able to set cookie for www2.example.com? No (Except via .example.com)
  • Will www.example.com be able to set cookie for .com? No (Can't set a cookie this high up the namespace nor can you set one for something like .co.uk).

*Error: User Rate Limit Exceededexample.comError: User Rate Limit Exceeded.example.com.

Error: User Rate Limit Exceeded Vilx-
2

Error: User Rate Limit Exceeded

Error: User Rate Limit ExceededError: User Rate Limit ExceededError: User Rate Limit Exceeded

Error: User Rate Limit Exceeded

Похожие вопросы