在请求Cookie标头中发送的子域cookie,但在IE JavaScript的document.cookie中不存在
[英]Subdomain cookie sent in request Cookie header, but not present in IE JavaScript's document.cookie
问题描述
I'm having a strange problem with cookies which are being sent and received properly but are inaccessible to JavaScript on Internet Explorer. 
我有一个奇怪的问题,正在发送和接收的cookie,但Internet Explorer上的JavaScript无法访问。 Chrome, Firefox, Opera, and Safari JavaScript is fine. Chrome,Firefox,Opera和Safari JavaScript都可以。
Post to " http://wp.abc.example.com/content/sv2.cgi?id=1234 ", response sets cookies, issues 302 redirect:
发布到“ http://wp.abc.example.com/content/sv2.cgi?id=1234 ”,响应设置Cookie,问题302重定向: HTTP/1.0 302 Moved Temporarily Location: http://members.abc.example.com/abc/members/0912/07/news01.html Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ; Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;Browser requests target page, including the cookies just sent.
浏览器请求目标页面,包括刚刚发送的cookie。 GET /abc/members/0912/07/news01.html HTTP/1.1 Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; LEADENDDATE=20091218; Host: members.abc.example.comRun "javascript:alert(document.cookie);"
运行“javascript:alert(document.cookie);” in the browser address bar. 在浏览器地址栏中。 On IE, and IE only, the cookies aren't there.
在IE和IE上,cookie不在那里。 Other browsers are fine. 其他浏览器都很好。 This is true for IE6, 7, and 8. 这适用于IE6,7和8。
So in summary, 总而言之,
The "wp.abc.example.com" sets a cookie on "abc.example.com", which is sent to the server in requests on "members.abc.example.com", but not visible to JavaScript on that page. “wp.abc.example.com”在“abc.example.com”上设置一个cookie,该cookie在“members.abc.example.com”的请求中发送给服务器,但在该页面上的JavaScript不可见。
Why? 为什么?
I thought maybe instead of "abc.example.com" the cookie should be set on ".abc.example.com" to allow subdomain matching, but even so it's being sent in the "members.abc.example.com" request header. 我想也许而不是“abc.example.com”,应该在“.abc.example.com”上设置cookie以允许子域匹配,但即便如此,它也会在“members.abc.example.com”请求标头中发送。
Basically it's acting as though "HttpOnly" is set on the cookie, even though from the Set-Cookie header example shown above, that flag is not included. 基本上它就像在cookie上设置“HttpOnly”一样,即使从上面显示的Set-Cookie头部示例中,也不包括该标志。 Does the extra ";" 额外的“;” maybe have some effect? 也许有一些影响?
1 个解决方案
解决方案1
7 已采纳 2009-12-22 06:21:29
Eric Law wrote up a good article on IE's various cookie-handling quirks a while back. Eric Law在一段时间内写了一篇关于IE各种cookie处理怪癖的好文章 。 One of the questions he answers appears as though it may apply to your scenario: 他回答的问题之一似乎可能适用于您的场景:
Q8: Are there any limits to the HTML DOM document.cookie property?
A: [...]
Also, due to an obscure bug in the underlying WinINET InternetGetCookie implementation, IE's document.cookie will not return a cookie if it was set with a path attribute containing a filename.
[...]
Note that your paths do include filenames: 请注意,您的路径不包括文件名:
Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7;
Set-Cookie: LEADENDDATE=20091218;
I suggest you try setting the cookies with filename-free paths, and see if that doesn't help... 我建议你尝试使用无文件名路径设置cookie,看看是否有帮助......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.