[英]How to modify Cookie from Ajax call
I have this code: 我有这个代码:
window.onload = function() {
document.cookie = 'foo=bar; expires=Sun, 01 Jan 2012 00:00:00 +0100; path=/';
var xhr = new XMLHttpRequest();
xhr.open("GET", "/showcookie.php",true);
xhr.setRequestHeader("Cookie", "foo=quux");
xhr.setRequestHeader("Foo", "Bar");
xhr.setRequestHeader("Foo", "Baz");
xhr.withCredentials = true;
var pre = document.getElementById('output');
xhr.onreadystatechange = function() {
if (4 == xhr.readyState) {
pre.innerHTML += xhr.responseText + "\n";
}
};
xhr.send(null);
};
and this /showcookie.php 这个/showcookie.php
<?php
print_r($_COOKIE);
?>
and it always show 它总是显示出来
Array
(
[Host] => localhost
[User-Agent] =>
[Accept] =>
[Accept-Language] => pl,en-us;q=0.7,en;q=0.3
[Accept-Encoding] => gzip,deflate
[Accept-Charset] => ISO-8859-2,utf-8;q=0.7,*;q=0.7
[Keep-Alive] => 115
[Connection] => keep-alive
[foo] => Baz
[Referer] =>
[Cookie] => foo=bar
)
Array
(
[foo] => bar
)
I'm using Firefox 3.6.13, Opera 11.00 and Chromium 9.0 on Ubuntu. 我在Ubuntu上使用Firefox 3.6.13,Opera 11.00和Chromium 9.0。
Is anybody have the same problem or maybe it's impossible to modify Cookie header. 是否有人有同样的问题或者修改Cookie标头是不可能的。
The Cookie header is one of several which cannot be modified in an XMLHttpRequest
. Cookie标头是
XMLHttpRequest
无法修改的几个标头之一。 From the specification : 从规格 :
Terminate [execution of the
setRequestHeader
method] if header is a case-insensitive match for one of the following headers:如果header是以下标头之一的不区分大小写的匹配,则终止[执行
setRequestHeader
方法] :
- Accept-Charset
接收字符
- Accept-Encoding
接受编码
- Connection
连接
- Content-Length
内容长度
- Cookie
曲奇饼
- Cookie2
COOKIE2
- Content-Transfer-Encoding
内容传输编码
- Date
日期
- Expect
期望
- Host
主办
- Keep-Alive
活着
- Referer
引荐
- TE
TE
- Trailer
预告片
- Transfer-Encoding
传输编码
- Upgrade
升级
- User-Agent
用户代理
- Via
通过
… or if the start of header is a case-insensitive match for Proxy- or Sec- (including when header is just Proxy- or Sec-).
...或者如果标头的开头是Proxy-或Sec-的不区分大小写匹配(包括标头只是代理或秒)。
The above headers are controlled by the user agent to let it control those aspects of transport.
上述标题由用户代理控制,以便控制传输的这些方面。 This guarantees data integrity to some extent.
这在一定程度上保证了数据完整性。 Header names starting with Sec- are not allowed to be set to allow new headers to be minted that are guaranteed not to come from XMLHttpRequest.
不允许将以Sec-开头的头名称设置为允许新的头文件被保证不会来自XMLHttpRequest。
I think this might be a hard constraint on the XHR functionality. 我认为这可能是对XHR功能的一个严格限制。
Setting the clientside document.cookie caused the Cookie header to be sent in requests as expected. 设置clientside document.cookie导致Cookie标头按预期在请求中发送。 If you want to pass a cookie value in an an ajax request this might be the way to go.
如果你想在一个ajax请求中传递一个cookie值,这可能就是你要走的路。
A workaround is to send a custom header to the php script with the cookie string you want to set: 解决方法是使用您要设置的cookie字符串将自定义标头发送到php脚本:
// in the js...
xhr.open("GET", "showcookie.php",true);
//xhr.setRequestHeader("Cookie", "foo=quux");
xhr.setRequestHeader("X-Set-Cookie", "foo2=quux");
xhr.withCredentials = true;
Then in your showcookie.php you can grab the custom header value and fire a set-cookie response header: 然后在showcookie.php中,您可以获取自定义标头值并触发set-cookie响应标头:
$cookie = $_SERVER['HTTP_X_SET_COOKIE'];
// NOTE: really should sanitise the cookie input.
header('Set-Cookie: ' . $cookie);
print_r($_COOKIE);
Note that you wont see a cookie header until the response is parsed by the browser. 请注意,在浏览器解析响应之前,您不会看到cookie标头。 Also please make sure you sanitise the contents of the X_SET_COOKIE header - this is a proof of concept only:)
另外请确保您清理X_SET_COOKIE标题的内容 - 这只是一个概念验证:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.