I must be missing some basic thing about COOKIEs. On localhost, when I set a COOKIE on server side and specify the domain explicitly as localhost (or .localhost). the COOKIE does not seem to be accepted by some browsers.
我肯定错过了一些关于饼干的基本知识。在localhost上,当我在服务器端设置一个COOKIE并明确指定域为localhost(或.localhost)时。一些浏览器似乎不接受COOKIE。
Firefox 3.5: I checked the HTTP request in Firebug. What I see is:
Firefox 3.5:我检查了Firebug中的HTTP请求。我所看到的是:
Set-COOKIE:
name=value;
domain=localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
or (when I set the domain to .localhost):
或者(当我将域设置为.localhost):
Set-COOKIE:
name=value;
domain=.localhost;
expires=Thu, 16-Jul-2009 21:25:05 GMT;
path=/
In either case, the COOKIE is not stored.
在这两种情况下,COOKIE都没有存储。
IE8: I did not use any extra tool, but the COOKIE does not seem to be stored as well, because it’s not being sent back in subsequent requests.
IE8:我没有使用任何额外的工具,但是COOKIE似乎也没有被存储,因为在后续的请求中它没有被发送回来。
Opera 9.64: Both localhost and .localhost work, but when I check the list of COOKIEs in Preferences, the domain is set to localhost.local even though it’s listed under localhost (in the list grouping).
Opera 9.64:本地主机和.localhost工作,但是当我在首选项中检查COOKIE列表时,域被设置为localhost。本地,即使它是在本地主机(列表分组)中列出的。
Safari 4: Both localhost and .localhost work, but they are always listed as .localhost in Preferences. On the other hand, a COOKIE without an explicit domain, it being shown as just localhost (no dot).
Safari 4: localhost和.localhost工作,但是它们总是在首选项中被列成.localhost。另一方面,没有显式域的COOKIE,只显示为本地主机(没有点)。
What is the problem with localhost? Because of such a number of inconsistencies, there must be some special rules involving localhost. Also, it’s not completely clear to me why domains must be prefixed by a dot? RFC 2109 explicitly states that:
本地主机的问题是什么?由于存在如此多的不一致性,必须有一些与本地主机相关的特殊规则。同样,我也不完全清楚为什么域必须被一个点前缀?RFC 2109明确指出:
The value for the Domain attribute contains no embedded dots or does not start with a dot.
域属性的值不包含嵌入点,也不包含一个点。
Why? The document indicates that it has to do something with security. I have to admit that I have not read the entire specification (may do it later), but it sounds a bit strange. Based on this, setting COOKIEs on localhost would be impossible.
为什么?文件表明它必须做一些安全的事情。我不得不承认我没有读过完整的规范(以后可能会这么做),但是听起来有点奇怪。基于此,在本地主机上设置COOKIE是不可能的。
182
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/COOKIE_spec.html)
通过设计,域名必须至少有两个点;否则浏览器会认为它们是无效的。(见参考http://curl.haxx.se/rfc/COOKIE_spec.html)
When working on localhost
, the COOKIE domain must be omitted entirely. Just setting it to ""
or NULL
or FALSE
instead of "localhost"
is not enough.
在处理localhost时,必须完全省略COOKIE域。仅将其设置为“”或NULL或FALSE,而不是“localhost”是不够的。
For PHP, see comments on http://php.net/manual/en/function.setCOOKIE.php#73107.
对于PHP,请参见http://php.net/manual/en/function.setCOOKIE.php#73107的注释。
If working with the Java Servlet API, don't call the COOKIE.setDomain("...")
method at all.
如果使用Java Servlet API,则不要调用COOKIE.setDomain(“…”)方法。
25
I broadly agree with @Ralph Buchfelder, but here's some amplification of this, by experiment when trying to replicate a system with several subdomains (such as example.com, fr.example.com, de.example.com) on my local machine (OS X / Apache / Chrome|Firefox).
我大致同意@Ralph Buchfelder的观点,但这里有一些放大的例子,尝试在我的本地机器上复制一个包含多个子域名的系统(如example.com, fr.example.com, de.example.com)。
I've edited /etc/hosts to point some imaginary subdomains at 127.0.0.1:
我已经编辑了/etc/hosts,在127.0.0.1处点了一些虚拟的子域:
127.0.0.1 localexample.com
127.0.0.1 fr.localexample.com
127.0.0.1 de.localexample.com
If I am working on fr.localexample.com and I leave the domain parameter out, the COOKIE is stored correctly for fr.localexample.com, but is not visible in the other subdomains.
如果我在fr.localexample.com上工作,而我将域参数保留了出来,那么COOKIE就会被正确地存储到fr.localexample.com中,但是在其他子域中是不可见的。
If I use a domain of ".localexample.com", the COOKIE is stored correctly for fr.localexample.com, and is visible in other subdomains.
如果我使用“.localexample.com”的域,那么COOKIE就会被正确地存储为fr.localexample.com,并且在其他子域中是可见的。
If I use a domain of "localexample.com", or when I was trying a domain of just "localexample" or "localhost", the COOKIE was not getting stored.
如果我使用“localexample.com”的域,或者当我尝试使用“localexample”或“localhost”的域时,COOKIE就不会被存储。
If I use a domain of "fr.localexample.com" or ".fr.localexample.com", the COOKIE is stored correctly for fr.localexample.com and is (correctly) invisible in other subdomains.
如果我使用“fr.localexample.com”或“。fr.localexample.com”的域,那么COOKIE就会被正确地存储到fr.localexample.com中,并且(正确地)在其他子域中是不可见的。
So the requirement that you need at least two dots in the domain appears to be correct, even though I can't see why it should be.
所以你需要至少两个点在域上的要求看起来是正确的,即使我不明白为什么它应该是正确的。
If anyone wants to try this out, here's some useful code:
如果有人想尝试一下,这里有一些有用的代码:
";
setCOOKIE("myCOOKIE", $val, time() + 48 * 3600, '/', $domain);
}
print "";
print "COOKIE:
";
var_dump($_COOKIE);
print "Server:
";
var_dump($_SERVER);
print "
";
?>
20
localhost: You can use: domain: ".app.localhost"
and it will work. The 'domain' parameter needs 1 or more dots in the domain name for setting COOKIEs. Then you can have sessions working across localhost subdomains such as: api.app.localhost:3000
.
localhost:您可以使用:domain:。app。本地主机,它会工作。“域”参数需要在域名中设置一个或多个点来设置COOKIE。然后,您可以在localhost子域(如:api.app.localhost:3000)上进行会话。
9
When a COOKIE is set with an explicit domain of 'localhost' as follows...
当一个COOKIE被设置为“localhost”的显式域时,如下…
Set-COOKIE: name=value; domain=localhost; expires=Thu, 16-Jul-2009 21:25:05 GMT; path=/
set - COOKIE:name =价值;域=主机;自2009年7月到期=星期四,16 - 21:25:05格林尼治时间;路径= /
...then browsers ignore it because it does not include at least two periods and is not one of seven specially handled, top level domains.
…然后浏览器会忽略它,因为它不包括至少两个阶段,而且不是七个特别处理的顶级域之一。
...domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
…域必须至少有两个(2)或3个(3)个周期,以防止表单的域:“。com”、“。edu”和“va.us”。在以下列出的七个特殊顶级域之一中,任何一个域都失败了,只需要两个阶段。任何其他域至少需要3个。7个特殊的顶级域名是:COM、EDU、NET、ORG、GOV、MIL和INT。
Note that the number of periods above probably assumes that a leading period is required. This period is however ignored in modern browsers and it should probably read...
请注意,上述期间的数量可能假设需要一个领先周期。然而,这一时期在现代浏览器中被忽视了,它应该会被阅读……
at least one (1) or two (2) periods
至少有一(1)或2(2)个周期。
Note that the default value for the domain attribute is the host name of the server which generated the COOKIE response.
注意,域属性的默认值是生成COOKIE响应的服务器的主机名。
So a workaround for COOKIEs not being set for localhost is to simply not specify a domain attribute and let the browser use the default value - this does not appear to have the same constraints that an explicit value in the domain attribute does.
因此,对于没有为localhost设置的COOKIE的一个解决方案是,不指定域属性,并让浏览器使用默认值——这似乎不具有域属性中显式值所具有的相同约束。
3
Results I had varied by browser.
结果我用浏览器改变了。
Chrome- 127.0.0.1 worked but localhost .localhost and "" did not. Firefox- .localhost worked but localhost, 127.0.0.1, and "" did not.
Chrome- 127.0.0.1工作,但localhost .localhost和“”没有。Firefox- .localhost工作,但是localhost, 127.0.0.1,并且“没有”。
Have not tested in Opera, IE, or Safari
没有在Opera, IE或Safari中测试过吗?
1
I had much better luck testing locally using 127.0.0.1 as the domain. I'm not sure why, but I had mixed results with localhost and .localhost, etc.
我在本地使用127.0.0.1作为域进行了更好的测试。我不知道为什么,但是我把结果与localhost和.localhost等混合了。
1
None of the suggested fixes worked for me - setting it to null, false, adding two dots, etc - didn't work.
所有建议的修复程序都不适合我——将其设置为null、false、添加两个点等等——都不起作用。
In the end, I just removed the domain from the COOKIE if it is localhost and that now works for me in Chrome 38.
最后,如果它是localhost,我就从COOKIE中删除了域,现在在Chrome 38中为我工作。
Previous code (did not work):
以前的代码(不工作):
document.COOKIE = encodeURI(key) + '=' + encodeURI(value) + ';domain=.' + document.domain + ';path=/;';
New code (now working):
新代码(工作):
if(document.domain === 'localhost') {
document.COOKIE = encodeURI(key) + '=' + encodeURI(value) + ';path=/;' ;
} else {
document.COOKIE = encodeURI(key) + '=' + encodeURI(value) + ';domain=.' + document.domain + ';path=/;';
}
1
Spent a great deal of time troubleshooting this issue myself.
我自己花了大量的时间来解决这个问题。
Using PHP, and Nothing on this page worked for me. I eventually realized in my code that the 'secure' parameter to PHP's session_set_COOKIE_params() was always being set to TRUE.
使用PHP,这个页面上的任何东西都不适合我。我最终在我的代码中发现,PHP的session_set_COOKIE_params()的“安全”参数总是被设置为TRUE。
Since I wasn't visiting localhost with https my browser would never accept the COOKIE. So, I modified that portion of my code to conditionally set the 'secure' param based on $_SERVER['HTTP_HOST'] being 'localhost' or not. Working well now.
因为我没有使用https访问localhost,所以我的浏览器永远不会接受COOKIE。因此,我修改了代码的部分,以有条件地设置基于$_SERVER['HTTP_HOST']为'localhost'或not的'secure' param。现在工作。
I hope this helps someone.
我希望这能帮助别人。
0
document.COOKIE = valuename + "=" + value + "; " + expires + ";domain=;path=/";
文档。COOKIE = valuename + "=" + value + ";+ expires + ";domain=;path=/";
this "domain=;path=/"; will take dynamic domain as its COOKIE will work in subdomain. if u want to test in localhost it will work
这种“域=;路径= /”;将使用动态域,因为它的COOKIE将在子域中工作。如果您想在localhost中进行测试,它将会工作。
0
There is an issue on Chromium open since 2011, that if you are explicitly setting the domain as 'localhost', you should set it as false
or undefined
.
自2011年以来,有一个关于Chromium开放的问题,如果您明确地将域设置为“localhost”,那么您应该将其设置为false或undefined。
0
I was playing around a bit.
我玩了一会儿。
Set-COOKIE: _xsrf=2|f1313120|17df429d33515874d3e571d1c5ee2677|1485812120; Domain=localhost; Path=/
works in Firefox and Chrome as of today. However, I did not find a way to make it work with curl. I tried Host-Header and --resolve, no luck, any help appreciated.
在今天的Firefox和Chrome中工作。然而,我并没有找到使其卷曲的方法。我试着顶着头,没有运气,没有任何帮助。
However, it works in curl, if I set it to
但是,如果我把它设置成curl,它就会工作。
Set-COOKIE: _xsrf=2|f1313120|17df429d33515874d3e571d1c5ee2677|1485812120; Domain=127.0.0.1; Path=/
instead. (Which does not work with Firefox.)
代替。(这与Firefox不兼容)。
0
Another important detail, the expires= should use the following date time format: Wdy, DD-Mon-YYYY HH:MM:SS GMT (RFC6265 - Section 4.1.1).
另一个重要的细节,expires=应该使用以下日期时间格式:Wdy, dd - monyyyyy HH:MM:SS GMT (RFC6265 - Section 4.1.1)。
Set-COOKIE:
name=value;
domain=localhost;
expires=Thu, 16-07-2019 21:25:05 GMT;
path=/
0
I had the same issue and I fixed it by putting 2 dots in the COOKIE name itself without specifying any domain.
我也有同样的问题,我把两个点放在COOKIE的名字中,而不指定任何域。
set-COOKIE: name.s1.s2=value; path=/; expires=Sun, 12 Aug 2018 14:28:43 GMT; HttpOnly
-1
None of the answers here worked for me. I fixed it by putting my PHP as the very very first thing in the page.
这里的答案都不适合我。我把PHP作为页面的第一项。
Like other headers, COOKIEs must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.
与其他标题一样,必须在脚本的任何输出之前发送COOKIE(这是一个协议限制)。这就要求您在任何输出、包括和标记以及任何空格之前对该函数进行调用。
From http://php.net/manual/en/function.setCOOKIE.php
从http://php.net/manual/en/function.setCOOKIE.php