Cookie未被HTTP标头删除
[英]Cookie is not deleted by HTTP header
问题描述
My project is using an external authentication provider that sets a cookie if a user is logged in. To log out, I have to delete that cookie. 
我的项目使用的是外部身份验证提供程序,如果用户已登录,该提供程序将设置一个cookie。要注销,我必须删除该cookie。 As far as I can tell, the Set-Cookie header is correct, but the cookie isn't changed. 据我所知, Set-Cookie标头是正确的,但cookie并未更改。 This is the header: 这是标题:
{{cookie_name}}: ""
domain: "{{cookie_domain}}"
expires: "1970-01-01T00:00:00.000Z"
path: "/"
This is the cookie before, and after, going to the logout view: 这是进入注销视图之前和之后的cookie:
Name: {{cookie_name}}
Content: (random string to verify login)
Host: {{cookie_domain}}
Path: /
Send for: Encrypted connections only
Expires: At end of session
Everything is HTTPS. 一切都是HTTPS。 Does anyone know of reasons that a Set-Cookie header might not work? 有人知道Set-Cookie标头可能不起作用的原因吗?
2 个解决方案
解决方案1
0 2014-09-25 11:36:55
Did you try setting all the attributes in the Set-Cookie header when you try to delete the cookie. 您尝试删除Cookie时是否尝试在Set-Cookie标头中设置所有属性。 All attributes that are set in the exisiting cookie should be set when you try to delete. 尝试删除时,应设置现有cookie中设置的所有属性。 From the example you gave above, it seems you are not setting the secure flag when you try to delete the cookie. 从上面给出的示例中,您似乎在尝试删除Cookie时未设置安全标志。
解决方案2
0 已采纳 2014-09-26 17:53:24
It was really an issue with the framework I use (Django). 我使用的框架(Django)确实存在问题。 When I manually set the domain in the set_cookie function, it prefixed a period which meant that it didn't match the existing cookie. 当我在set_cookie函数中手动设置域时,它会在前缀前面加上句点,这表示它与现有的cookie不匹配。 When I didn't enter a domain, it used the default and didn't prefix anything, and it worked. 当我不输入域时,它使用默认值,并且不添加任何前缀,并且有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.