如何设置多个 HTTP cookie
How to set multiple HTTP cookies
我需要了解与 secure 和 httponly 标志一起使用时 HTTP cookie 的格式。
通过查看 Mozilla 的解释,有 this example:
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure;
HttpOnly
如果我有多个 cookie,它们是否需要多个 set-cookie 和 secure 以及 httponly 标志?还是只写一次?请给我解释一下。
是的,他们需要多个带有 Secure 和 HttpOnly 标志的 Set-Cookie,例如:
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
Set-Cookie: foo=Hello; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
Set-Cookie: bar=World; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
根据RFC6265,它在HTTP中定义了Cookie和Set-Cookie header:
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.
我需要了解与 secure 和 httponly 标志一起使用时 HTTP cookie 的格式。
通过查看 Mozilla 的解释,有 this example:
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
如果我有多个 cookie,它们是否需要多个 set-cookie 和 secure 以及 httponly 标志?还是只写一次?请给我解释一下。
是的,他们需要多个带有 Secure 和 HttpOnly 标志的 Set-Cookie,例如:
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
Set-Cookie: foo=Hello; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
Set-Cookie: bar=World; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
根据RFC6265,它在HTTP中定义了Cookie和Set-Cookie header:
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.