简体繁体 English

cookie.setMaxAge奇怪的行为

[英]cookie.setMaxAge strange behaviour

原文 2012-10-18 15:12:17 3 2 java/ jsp/ java-ee/ servlets/ cookies

I work in a jsp based website that needs cookies enabled in order to navigate it (It is an internal site, it will not be exposed to the internet). 我在一个基于jsp的网站上工作，该网站需要启用cookie才能进行导航（它是一个内部网站，不会暴露于Internet）。

The first visit of a user will return a 302 to the same url that was requested, and set a cookie for an hour. 用户的首次访问将返回302到所请求的相同网址，并设置一个小时的cookie。

I am using Cookie.setMaxAge(60*60); 我正在使用Cookie.setMaxAge(60*60); to set the expiry date. 设置到期日期。

I am having a really weird behaviour with some versions of some browsers where they keep redirecting forever. 在某些版本的浏览器中，它们永远重定向，我的行为很奇怪。 (Some work, some don't work). （有些工作，有些不工作）。

After a lot of investigation, we've discovered that the time in the server is not set to the correct time, and it has its time set to two hours and a half in the past, rsulting on that the cookie may "expired" as it is set. 经过大量调查，我们发现服务器中的时间未设置为正确的时间，并且将其时间设置为过去的两个半小时，结果导致Cookie可能“过期”，因为它被设置。 (here's my doubt) （这是我的疑问）

Unfortunately this is a production server and I cannot change it easily (it's being requested but it will take some time). 不幸的是，这是一台生产服务器，我无法轻松对其进行更改（有人提出要求，但需要一些时间）。

Just to confirm this was the issue, I changed the time of a client machine to two hours and a half in the past and it started to work fine in that machine. 为了确认这是问题所在，我将客户端计算机的时间更改为过去两个半小时，并且开始在该计算机上正常工作。

My questions are : 我的问题是：

what information is sent to the browser (regarding cookie expiry 什么信息发送到浏览器（关于cookie到期
date), it is an absolute date or is it relative to the current time?. 日期），它是绝对日期还是相对于当前时间？
does the browser send cookies if they are expired along with the expiry date or the browser just don't send them if they are expired? 如果Cookie连同到期日期一起过期，浏览器是否会发送？或者如果Cookie过期，浏览器不会发送它们吗？ ( I think is the second option). （我认为是第二种选择）。
as I had trouble with some browser and it worked with others, dont' know exactly here's the problem, in the appserver or in the browser? 因为我在使用某些浏览器时遇到了麻烦，并且与其他浏览器一起工作，所以不知道这是问题所在，无论是在应用服务器还是在浏览器中？

[EDIT] [编辑]

After reading RFC 6265 as Arham suggest, the expiry date can be set by the server as absolute or relative. 在按照Arham的建议阅读RFC 6265之后，服务器可以将到期日期设置为绝对或相对。 In case both are presenr, relative takes precedence. 如果两者都存在，则以亲戚为准。 The appserver I am using is setting the cookie with the absolute value (which is probably wrong), so I don't understand how it is working on some browsers. 我正在使用的应用服务器将cookie设置为绝对值（这可能是错误的），因此我不了解它在某些浏览器中的工作方式。

[/EDIT] [/编辑]

Thanks in advance. 提前致谢。

2 个解决方案

As per RFC 1123, the date is specified in the form of “Wdy, DD Mon YYYY HH:MM:SS GMT”. 根据RFC 1123，日期以“ Wdy，DD Mon YYYY HH：MM：SS GMT”的形式指定。
As per RFC 6265, the cookie's expiration is relative to the time the browser received the cookie. 根据RFC 6265，cookie的有效期与浏览器收到cookie的时间有关。
Browser deletes the cookie once it's expired, hence it cant send the same cookie to the server. 一旦Cookie过期，浏览器就会删除它，因此它无法将相同的Cookie发送到服务器。