Method for reading the cookie string:
A website's cookie string contains all the cookies under the site's domain name that JavaScript can access (that is, the non-HttpOnly cookies). Multiple cookies are separated by a semicolon and a single space, up to 20 or 50 cookies. For example, the string format containing 2 cookies is:
document.cookie = "key1=value1; key2=value2"
The cookie string can be up to 4 KB long. Exceeding the number limit or the length limit returns a null value, and when the number of cookies exceeds the limit, some other cookies are lost. By specification, the cookies dropped should be the least recently used ones, but browser implementations do not fully follow this specification.
Method for setting a cookie:
document.cookie = "key=value;expires=date;path=/;domain=xxx.com;secure";
To set multiple cookies, assign document.cookie = xxx repeatedly; each new cookie is automatically spliced into the cookie string alongside the others.
If you want to read the value of a cookie, you can only get it by parsing the cookie string.
Here are the parameters used when setting cookies:
1. Name and value: key is the cookie name, value is the cookie value.
2. Expiration time: expires sets the expiration time, as a Greenwich Mean Time (GMT) date string, such as
If you do not set an expiration time, the cookie expires when the browser closes.
3. Path: by default, a cookie set by a script in a web page can be accessed only by pages in that page's folder and its subfolders. For example, a cookie set by http://www.jb51.net/aa/1.html cannot be accessed by http://www.jb51.net/bb/2.html. More often you want a cookie to be accessible to all pages of the site, which requires setting the path attribute: path=/ means the cookie's path is the root directory, so all pages on the site can access it.
4. Domain: cookies cannot be accessed across domains. In general, a cookie is for use by its own site only. If you want to share it among multiple sites, the sites sharing the cookie must have the same primary domain name, and sharing is achieved by setting the domain attribute. For example, if you want the two second-level domains www.jb51.net and bbs.jb51.net to share cookies, you need to set the cookie with domain=jb51.net.
5. Encrypted transmission: if a cookie has the secure attribute, the cookie is transferred to the server over an encrypted connection.
Cookie string Encoding:
The cookie string cannot contain spaces, semicolons, commas, or other special symbols. If a value may contain them, use the encodeURIComponent() function to encode the cookie value, and when reading the cookie value use the decodeURIComponent() function to convert it back, such as document.cookie = "key=" + encodeURIComponent(value);
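The parsing and encoding steps described above, as an added example that is not code from the original article. The helper names parseCookieString and serializeCookie, the choice to keep the first of two duplicate names, and the sample string are assumptions made for illustration; in a page, pass document.cookie to the parser and assign the serializer's result to document.cookie.

```javascript
// Added example; helper names are hypothetical, not a browser or library API.

// Parse a cookie string of the form "k1=v1; k2=v2" into a name -> value map.
function parseCookieString(cookieString) {
  const jar = Object.create(null);         // no prototype: "__proto__" is just a key
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;               // fragment without name=value
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim(); // split on the first "=" only
    if (!name || name in jar) continue;    // this example keeps the first duplicate
    try {
      jar[name] = decodeURIComponent(raw);
    } catch (e) {
      jar[name] = raw;                     // malformed %-escape: keep the raw text
    }
  }
  return jar;
}

// Build the string to assign to document.cookie, encoding the value so that
// spaces, semicolons and commas cannot break out into extra attributes.
function serializeCookie(name, value, opts = {}) {
  if (!/^[\w!#$%&'*+\-.^`|~]+$/.test(name)) throw new Error("invalid cookie name");
  for (const k of ["path", "domain"]) {
    if (opts[k] && /[;\s]/.test(opts[k])) throw new Error("invalid " + k);
  }
  const parts = [name + "=" + encodeURIComponent(value)];
  if (opts.expires) parts.push("expires=" + opts.expires.toUTCString());
  if (opts.path) parts.push("path=" + opts.path);
  if (opts.domain) parts.push("domain=" + opts.domain);
  if (opts.secure) parts.push("secure");
  return parts.join(";");
}

// Constructed sample: an encoded value, a broken escape, and a duplicate name.
const sample = "key1=value1; token=a%3Bb%2C%20c%3Dd; bad=%E0%A4%A; key1=shadow";
const parsed = parseCookieString(sample);
console.log(parsed.key1, "|", parsed.token, "|", parsed.bad);
console.log(serializeCookie("token", "a;b, c=d", { path: "/", secure: true }));
```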
Set cookies on the server and declare their privacy (secure and HttpOnly):
Sometimes, for security, you may need to restrict access to some cookies.
Secure: the cookie is used only for HTTPS secure connections.
HttpOnly: the cookie is used only during HTTP transport; JavaScript cannot access the cookie.
For example, use the built-in function setcookie() in PHP to set a cookie with privacy restrictions:
setcookie("Useridcookie", "123456", time() + 60*30, '/', 'mytest.com', false, true);
The sixth parameter indicates whether the cookie is used for HTTPS connections only, and the seventh parameter, true here, indicates whether it is HttpOnly.
Cross-domain requests and third-party cookies, and P3P (Personal privacy protection policy):
When the use of third-party cookies is prohibited in the browser's privacy settings (or content settings; in Chrome, under Advanced settings, Content settings), cross-domain requests (including requests for IFRAMEs, IMGs, JavaScript files, and so on) cannot send cookies belonging to that domain.
For example, when a cross-domain page http://www.jb51.net/index.html is referenced through an IFRAME, even if the browser holds a cookie named Otherloginfrag belonging to the other.com domain, Otherloginfrag is not sent to the www.other.com server along with the request when the page in the IFRAME is requested.
Third-party cookie handling may differ slightly between browsers. For example, when Safari disables third-party cookies, the cookie is submitted only when a form is submitted by POST.
If you want cross-domain requests to still send cookies when third-party cookies are disabled in the browser, the cross-domain server needs to use the P3P response header to declare in advance the cookies that are allowed to be sent.
// php
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("Useridcookie", "123456");