简体繁体 English

HttpWebRequest / HttpWebResponse和cookies的问题

[英]Problems with HttpWebRequest/HttpWebResponse and cookies

原文 2008-11-15 17:16:45 8 3 c#/ .net

I'm having troubles with HttpWebRequest/HttpWebResponse and cookies/CookieContainer/CookieCollection. 我遇到了HttpWebRequest / HttpWebResponse和cookies / CookieContainer / CookieCollection的麻烦。 The thing is, if the web server does not send/use a "path" in the cookie, Cookie.Path equals the path-part of the request URI instead of "/" or being empty in my application. 问题是，如果Web服务器不在cookie中发送/使用“路径”，Cookie.Path等于请求URI的路径部分而不是“/”或在我的应用程序中为空。 Therefore, those cookies do not work for the whole domain, which it actually does in proper web browsers. 因此，这些cookie不适用于整个域，它实际上在适当的Web浏览器中。 Any ideas how to solve this issue? 任何想法如何解决这个问题？

Thanks in advance 提前致谢

3 个解决方案

Ah, I see what you mean. 啊，我明白你的意思了。 Generally what browsers really do is take the folder containing the document as the path; 通常，浏览器真正做的是将包含文档的文件夹作为路径; for '/login.php' that would be '/' so it would effectively work across the whole domain. 对于'/login.php'，它将是'/'，因此它可以在整个域中有效地工作。 '/potato/login.php' would be limited to '/potato/'; '/potato/login.php'将仅限于'/ potato /'; anything with trailing path-info parts (eg. '/login.php/') would not work. 任何带有尾随路径信息的部分（例如'/login.php/'）都行不通。

In this case the Netscape spec could be considered wrong or at least misleading in claiming that path defaults to the current document path... depending on how exactly you read 'path' there. 在这种情况下，Netscape规范可能被认为是错误的，或者至少误导了声称路径默认为当前文档路径...取决于您在那里读取“路径”的具体程度。 However the browser behaviour is consistent back as far as the original Netscape version. 但是，浏览器行为与原始Netscape版本一致。 Netscape never were that good at writing specs... Netscape从来没有那么擅长编写规范......

If .NET's HttpWebRequest is really defaulting CookieContainer.Path to the entire path of the current document, I'd file a bug against it. 如果.NET的HttpWebRequest确实将CookieContainer.Path默认为当前文档的整个路径，我会针对它提交一个错误。

Unfortunately the real-world behaviour is not actually currently described in a standards document... there is RFC 2965, which does get the path thing right, but makes several other changes not representative of real-world browser behaviour, so that's not wholly reliable either. 不幸的是，现实世界中的行为实际上并没有在标准文档中进行描述......有RFC 2965，它确实让路径正确，但做出了其他一些不能代表真实浏览器行为的变化，因此并不完全可靠无论是。 :-( :-(

Seems like I cannot go any further with the default cookie handler, so I got annoyed and I did it the hard way. 好像我不能继续使用默认的cookie处理程序，所以我很生气，我很难做到。 Haha. 哈哈。 So parsing response.Headers["Set-Cookie"] myself is my solution. 所以解析response.Headers [“Set-Cookie”]我自己是我的解决方案。 Not my preferred one but it works. 不是我喜欢的，但它有效。 And I simply eliminated the problem with splitting at the wrong comma using regular expressions. 我只是使用正则表达式拆分错误的逗号来消除问题。

If I could give out points here, I would give you some of them, bobince, because you gave me valuable information. 如果我能在这里给出分数，我会给你一些，因为你给了我有价值的信息。 I would also vote up if I could (need higher rep. score), but since this behavior probably is a bug, as you mentioned, I will accept that as an answer. 我也会投票，如果可以的话（需要更高的代表得分），但由于这种行为可能是一个错误，正如你所提到的，我会接受这个作为答案。

Thank you. 谢谢。 :) :)

That's the way cookies work. 这就是cookies的工作方式。 'Proper' web browsers do exactly the same, as originally specified in the ancient Netscape cookies doc: http://cgi.netscape.com/newsref/std/cookie_spec.html “正确的”网络浏览器完全相同，就像最初在古代Netscape cookie文档中指定的那样： http ： //cgi.netscape.com/newsref/std/cookie_spec.html

Web apps must effectively always set a 'path' (often '/'). Web应用程序必须始终设置“路径”（通常为“/”）。