为什么 cURL 不将 cookie 的 expires/max-age 值发送回服务器?
Why doesn't cURL send expires/max-age value of cookie back to server ?
我正在 java 中使用 Netty.io 框架构建服务器,我在验证请求时遇到问题。
在验证请求时,我试图通过检查 sessionId 来验证它,它是 expiry。
if (sessionId == correctSessionId && expiry < currentTime) {
// then mark the request as authenticated.
}
但是每当我向服务器发送请求时(在我登录并收到适当的过期 cookie 之后),服务器端都没有收到 expiry/max-age。我做错了什么?
登录的 Curl 请求:
curl -b cookies.txt -c cookies.txt -POST http://localhost:8080/api/v1/account/login -H 'content-type: application/json' -d '{"mobile": "123", "password": "123"}' -v
输出:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /api/v1/account/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> content-type: application/json
> Content-Length: 36
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 200 OK
* Replaced cookie sessionId="efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==" for domain localhost, path /api/v1/account/, expire 1469968200
< Set-Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==; Max-Age=180; Expires=Sun, 31 Jul 2016 12:30:00 GMT
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
{"id":"579d3d9902dd1134817edefc","name":"admin","mobile":"123","email":null,"audit":{"createdTime":1469922712940,"createdBy":null,"modifiedTime":1469922712940,"modifiedBy":null}}
Notice Set-cookie header and it's expiry date. Server sends it correctly.
Cookies.txt 文件:
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE /api/v1/account/ FALSE 1469968200 sessionId efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
cookies.text also stores the values correctly.
访问需要身份验证的资源的 Curl 请求:
curl -c cookies.txt -b cookies.txt -XGET http://localhost:8080/api/v1/account/details -H 'content-type: application/json' -v
它的输出:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /api/v1/account/details HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
> content-type: application/json
>
< HTTP/1.1 401 Unauthorized
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
Session Unauthorized. Please login%
SessionId is sent but no expiry or max-age. Why ?
我错过了什么?
curl 不会发回它,因为它遵循 HTTP cookie 协议(请参阅 RFC6265)并且它表示客户端应该只为每个 cookie 发送 name=val。过期时间和其他元数据由服务器发送并由客户端处理,但永远不会发回。
我正在 java 中使用 Netty.io 框架构建服务器,我在验证请求时遇到问题。
在验证请求时,我试图通过检查 sessionId 来验证它,它是 expiry。
if (sessionId == correctSessionId && expiry < currentTime) {
// then mark the request as authenticated.
}
但是每当我向服务器发送请求时(在我登录并收到适当的过期 cookie 之后),服务器端都没有收到 expiry/max-age。我做错了什么?
登录的 Curl 请求:
curl -b cookies.txt -c cookies.txt -POST http://localhost:8080/api/v1/account/login -H 'content-type: application/json' -d '{"mobile": "123", "password": "123"}' -v
输出:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /api/v1/account/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> content-type: application/json
> Content-Length: 36
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 200 OK
* Replaced cookie sessionId="efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==" for domain localhost, path /api/v1/account/, expire 1469968200
< Set-Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==; Max-Age=180; Expires=Sun, 31 Jul 2016 12:30:00 GMT
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
{"id":"579d3d9902dd1134817edefc","name":"admin","mobile":"123","email":null,"audit":{"createdTime":1469922712940,"createdBy":null,"modifiedTime":1469922712940,"modifiedBy":null}}
Notice Set-cookie header and it's expiry date. Server sends it correctly.
Cookies.txt 文件:
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE /api/v1/account/ FALSE 1469968200 sessionId efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
cookies.text also stores the values correctly.
访问需要身份验证的资源的 Curl 请求:
curl -c cookies.txt -b cookies.txt -XGET http://localhost:8080/api/v1/account/details -H 'content-type: application/json' -v
它的输出:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /api/v1/account/details HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Cookie: sessionId=efB9DYHl46aARJMtW59fSKuf+wVtpZ0Y0eveJiLMLH+lEBfvHjzaow==
> content-type: application/json
>
< HTTP/1.1 401 Unauthorized
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
Session Unauthorized. Please login%
SessionId is sent but no expiry or max-age. Why ?
我错过了什么?
curl 不会发回它,因为它遵循 HTTP cookie 协议(请参阅 RFC6265)并且它表示客户端应该只为每个 cookie 发送 name=val。过期时间和其他元数据由服务器发送并由客户端处理,但永远不会发回。