stackoom
  简体   繁体   中英

javascript document.cookie missing some pairs

 原文  2010-10-12 02:26:17       javascript/ cookies

Question

My script set up ten cookies and the browser successfully saved them, but document.cookie only retrieves nine pairs, the missing pair is as follow: 

auth:4ae9Mq1j6tjt7dV6kV6A0piHB6NnNjijBmecax9mA8cfDpSs6pnAcD7H1%2FUqWMIIB%2BbgtKIJ2w1L2GnXkgV2

What happened? Is there a character limit in document.cookie ? The cookie domain is the same as all the others.

2 answers

solution1
 7  2012-05-30 13:46:42

The problem is that the server side is sending the cookies with the HttpOnly setting as described here: http://en.wikipedia.org/w/index.php?title=HTTP_cookie#HttpOnly_cookie

Cookies sent this way are not accessible thru document.cookie. This is generally used to help protect the cookie value against possible XSS attacks on your site.

You didn't mention which technology you're using on the server side to set the cookies. In case you're using PHP, this link lists the possible ways the HttpOnly flag could be set:

https://www.owasp.org/index.php/HttpOnly#Using_PHP_to_set_HttpOnly

solution2
 0  2011-07-04 03:43:26

I have two clarifying questions:

  1. Why do you think that your "browser successfully saved" all of your cookie crumbs if the final crumb does not appear to be stored in document.cookie?
  2. Is the missing value the one you attempted to add last? If so, from the information you've provided, I assume that value is too long to store in the cookie.

The size in bytes of your cookie crumb string depends on your encoding.

You can read more about the maximum cookie size and number allowed per domain here . You can read an older discussion of what happens if you exceed the limit in different browsers here . These limits vary per browser.

RFC 2109 states that browsers should support a cookie size of at least 4096 bytes, at least 300 total cookies, and at least 20 cookies per domain or unique host. This article shows a cookie-size test from 2009. This 2008 blog post notes a few more items about how individual browsers handle cookies.

Note that IE 7 and later limit the number of cookies per domain to 50, whereas earlier versions of IE had a limit of 20 per domain.

RFC 2109 and numerous online references suggest that a maximum size of around 4096 bytes is a good general assumption to stick to. If you can't keep below that limit, you will probably have to store your data on the server somehow.

If it's not cookie size that's the issue, more info on exactly how you're storing and retrieving your cookie values will help the group address your question.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Alternative for document.cookie in JavaScript Javascript - Security of document.cookie Javascript “document.cookie” in Android? For some reason document.cookie not working Cookie (document.cookie) document.cookie() function is not working in Javascript Is it possible to mock document.cookie in JavaScript? Javascript document.cookie remove “name” and “value” How to use multiple document.cookie in JavaScript? document.cookie is empty in angular 2 component - JavaScript
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM