Format and composition of cookies

Source: Internet
Author: User

Transferred from: http://blog.csdn.net/talking12391239/article/details/9665185

A cookie consists of a variable name and a value, similar to a JavaScript variable. Its attributes include both the standard cookie variables and variables created by the user, all stored in the form variable=value.
According to Netscape's specification, the cookie format is as follows:

Set-Cookie: name=value; expires=date; path=path; domain=domain_name; secure

name=value: This is a required part of every cookie. name is the name of the cookie, and value is its value. The string name=value must not contain characters such as semicolons, commas, or spaces.
expires=date: The expires variable is write-only and determines when the cookie expires. The date value must be written in a specific format: Weekday, DD-MM-YY HH:MM:SS GMT, where GMT denotes Greenwich Mean Time. A date not written in this format is not recognized by the system. This variable can be omitted; if it is omitted, the cookie is not stored on the user's hard disk but only in memory, and it disappears automatically when the browser closes.
domain=domain_name: The domain variable is write-only and determines which web servers in the Internet domain can read the cookies held by the browser; that is, only pages from this domain can use the information in the cookie. This setting is optional; if it is omitted, the cookie's domain is set to the domain name of the web server.
path=path: The path attribute defines which paths on the web server contain pages that can obtain the cookies the server sets. Generally, if the path portion of the URL the user enters contains, starting from its first character, the string defined by the path attribute, the browser considers the check passed. If the value of the path attribute is "/", the cookie can be read by all WWW resources on the web server. This setting is also optional; if it is omitted, the path value is the pathname of the resource that the web server passes to the browser.
As we can see, by setting the domain and path variables we can effectively control the scope in which the cookie can be accessed.
secure: Setting this flag on a cookie indicates that the browser submits the cookie to the server only when the communication protocol between the browser and the web server is an encrypted, authenticated protocol. There is currently only one such protocol: HTTPS.

Cookies record the contents of session tracking as key-value pairs. The server uses the Set-Cookie response header to send cookie information. The format of the Set-Cookie response header defined in RFC 2109 is:
Set-Cookie: NAME=VALUE; Comment=value; Domain=value; Max-Age=value; Path=value; Secure; Version=1*DIGIT

NAME is the name of the cookie, and VALUE is its value. The NAME=VALUE pair must appear first; after it, the attribute-value pairs can appear in any order. In the Servlet specification, the cookie used for session tracking must be named JSESSIONID. The Comment attribute is optional. Because a cookie may contain private information about the user, this attribute lets the server describe the purpose of the cookie; the user can inspect this information and then decide whether to join or continue the session. The Domain attribute is also optional. It specifies the domain in which the cookie is valid. The specified domain must start with a dot (.). The Max-Age attribute is optional and defines the lifetime of the cookie in seconds. Once this time has elapsed, the client should discard the cookie. If the specified number of seconds is 0, the cookie should be discarded immediately. The Path attribute is optional and specifies the subset of URLs for which the cookie is valid. The Version attribute is required, and its value is a decimal number that identifies the version of the state management specification the cookie conforms to. For example:
Set-Cookie: uid=zhangsan; Max-Age=3600; Domain=.sunxin.org; Path=/bbs; Version=1
This represents a cookie named uid with the value zhangsan. Its lifetime is 3,600 seconds, and it is valid under the /bbs path of the sunxin.org domain. After 3,600 seconds, the client discards the cookie. When IE receives the above response header, it can choose to accept or reject the cookie. If IE accepts the cookie, the next time the browser sends a request for a resource under the http://www.sunxin.org/bbs path, it also sends the following request header:
Cookie: uid=zhangsan

Here is a summary of what I have learned from the Internet (please correct me if there are any mistakes):

1. domain is the domain the cookie belongs to; the default is the host of the requested address. For example, if the URL is www.test.com/test/test.aspx, domain defaults to www.test.com. For cross-domain access, if domain A is t1.test.com and domain B is t2.test.com, then to produce in domain A a cookie that both domain A and domain B can access, set the cookie's domain to .test.com; to produce in domain A a cookie that domain A cannot access but domain B can, set the cookie's domain to t2.test.com.

2. path is the directory the cookie belongs to; the default is the root directory. Suppose the same server has the directories /test/, /test/cd/, and /test/dd/, and cookie1 has the path /test/ while cookie2 has the path /test/cd/. Then all pages under /test/ can access cookie1, while pages in /test/ and /test/dd/ cannot access cookie2. This is because a cookie can be accessed only by pages under its path.

3. The browser saves cookies that have the same domain and path in one file, with a * separating the cookies.

4. Cookies with multiple key-value pairs: I used to work only with cookies holding a single name=value pair and was confused by cookies with multiple sub-key values. Now it's clear. The format of a cookie with multiple sub-key value pairs is name=key1=value1&key2=value2. You can think of it as a single-pair cookie whose value holds a custom string of multiple key-value pairs, with the pairs separated by &. You can of course choose your own delimiter, but ASP.NET uses the & separator when reading them.
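
The domain, path and secure scoping described above, as an added example that is not part of the original article: it decides which cookies a browser attaches to a request, assuming RFC 6265 matching rules (a later specification than the ones the article cites) and skipping public-suffix and IP-address checks. Under those rules a Domain value that does not cover the responding host is ignored, so the t2.test.com case from item 1 stores nothing; the hosts, paths and cookie names are illustrative.

```javascript
// Added example, not from the original article. Assumes RFC 6265 matching rules;
// skips public-suffix and IP-address checks. Hosts/names are illustrative.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  return h === d || h.endsWith("." + d);
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // The prefix must end on a "/" boundary: /test covers /test/cd but not /testing.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns the cookie as stored, or null when the browser must ignore it.
// Simplification: a missing path defaults to "/" here.
function acceptCookie(responseHost, { name, value, domain, path = "/", secure = false }) {
  if (domain === undefined) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return { name, value, domain: responseHost, hostOnly: true, path, secure };
  }
  if (!domainMatch(responseHost, domain)) return null; // foreign Domain is rejected
  return { name, value, domain: domain.replace(/^\./, ""), hostOnly: false, path, secure };
}

// Builds the Cookie request header value for a URL from the stored cookies.
function cookieHeader(jar, url) {
  const { protocol, hostname, pathname } = new URL(url);
  return jar
    .filter((c) => (c.hostOnly ? hostname === c.domain : domainMatch(hostname, c.domain)))
    .filter((c) => pathMatch(pathname, c.path))
    .filter((c) => !c.secure || protocol === "https:")
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample: every cookie below is set by a response from t1.test.com.
const jar = [
  acceptCookie("t1.test.com", { name: "shared", value: "1", domain: ".test.com" }),
  acceptCookie("t1.test.com", { name: "cookie1", value: "a", path: "/test/" }),
  acceptCookie("t1.test.com", { name: "cookie2", value: "b", path: "/test/cd/" }),
  acceptCookie("t1.test.com", { name: "sid", value: "x", domain: ".test.com", secure: true }),
  acceptCookie("t1.test.com", { name: "forB", value: "z", domain: "t2.test.com" }),
].filter(Boolean);

console.log(cookieHeader(jar, "http://t1.test.com/test/cd/page.aspx"));
console.log(cookieHeader(jar, "https://t1.test.com/test/dd/"));
console.log(cookieHeader(jar, "http://t2.test.com/test/cd/"));
```

The sid cookie appears only on the HTTPS request, and a cookie set without a Domain attribute stays on t1.test.com while the .test.com cookie reaches every subdomain.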
