javascript document.cookie缺少一些配对
[英]javascript document.cookie missing some pairs
问题描述
My script set up ten cookies and the browser successfully saved them, but document.cookie only retrieves nine pairs, the missing pair is as follow: 
我的脚本设置了十个cookie,浏览器成功保存了它们,但是document.cookie仅检索九对,缺少的对如下:
auth:4ae9Mq1j6tjt7dV6kV6A0piHB6NnNjijBmecax9mA8cfDpSs6pnAcD7H1%2FUqWMIIB%2BbgtKIJ2w1L2GnXkgV2
What happened? 发生了什么? Is there a character limit in document.cookie ? document.cookie是否有字符限制? The cookie domain is the same as all the others. Cookie域与其他所有域相同。
2 个解决方案
解决方案1
7 2012-05-30 13:46:42
The problem is that the server side is sending the cookies with the HttpOnly setting as described here: http://en.wikipedia.org/w/index.php?title=HTTP_cookie#HttpOnly_cookie 问题在于服务器端正在使用HttpOnly设置发送cookie,如下所示: http : //en.wikipedia.org/w/index.php? title=HTTP_cookie#HttpOnly_cookie
Cookies sent this way are not accessible thru document.cookie. 通过document.cookie无法访问以这种方式发送的Cookie。 This is generally used to help protect the cookie value against possible XSS attacks on your site. 通常用于保护Cookie值,以防您的站点上可能受到XSS攻击。
You didn't mention which technology you're using on the server side to set the cookies. 您没有提到在服务器端使用哪种技术来设置Cookie。 In case you're using PHP, this link lists the possible ways the HttpOnly flag could be set: 如果您使用的是PHP,则此链接列出了设置HttpOnly标志的可能方式:
https://www.owasp.org/index.php/HttpOnly#Using_PHP_to_set_HttpOnly https://www.owasp.org/index.php/HttpOnly#Using_PHP_to_set_HttpOnly
解决方案2
0 2011-07-04 03:43:26
I have two clarifying questions: 我有两个澄清的问题:
- Why do you think that your "browser successfully saved" all of your cookie crumbs if the final crumb does not appear to be stored in document.cookie? 如果最终的碎屑似乎没有存储在document.cookie中,为什么您认为您的“浏览器成功保存了”所有的碎屑呢?
- Is the missing value the one you attempted to add last? 缺失值是您最后一次尝试添加的值吗? If so, from the information you've provided, I assume that value is too long to store in the cookie. 如果是这样,则根据您提供的信息,我认为该值太长而无法存储在Cookie中。
The size in bytes of your cookie crumb string depends on your encoding. Cookie碎屑字符串的字节大小取决于您的编码。
You can read more about the maximum cookie size and number allowed per domain here . 您可以在此处了解有关每个域允许的最大Cookie大小和数量的更多信息。 You can read an older discussion of what happens if you exceed the limit in different browsers here . 您可以在此处阅读有关在不同浏览器中超出限制会发生什么的较早讨论。 These limits vary per browser. 这些限制因浏览器而异。
RFC 2109 states that browsers should support a cookie size of at least 4096 bytes, at least 300 total cookies, and at least 20 cookies per domain or unique host. RFC 2109规定,浏览器应支持每个域或唯一主机的Cookie大小至少为4096字节,总共300个Cookie以及至少20个Cookie。 This article shows a cookie-size test from 2009. This 2008 blog post notes a few more items about how individual browsers handle cookies. 本文显示了2009 年的cookie大小测试。 此2008年的博客文章还介绍了一些有关单个浏览器如何处理cookie的项目。
Note that IE 7 and later limit the number of cookies per domain to 50, whereas earlier versions of IE had a limit of 20 per domain. 请注意, IE 7和更高版本将每个域的Cookie数量限制为50个,而较早版本的IE每个域的限制为20个。
RFC 2109 and numerous online references suggest that a maximum size of around 4096 bytes is a good general assumption to stick to. RFC 2109和许多在线参考资料表明,要坚持大约4096字节的最大大小是一个很好的一般假设。 If you can't keep below that limit, you will probably have to store your data on the server somehow. 如果不能保持在该限制以下,则可能必须以某种方式将数据存储在服务器上。
If it's not cookie size that's the issue, more info on exactly how you're storing and retrieving your cookie values will help the group address your question. 如果不是cookie大小的问题,那么有关如何存储和检索cookie值的更多信息将有助于该小组解决您的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.