Cookies are the best way to identify users and implement persistent sessions. Cookies were first developed by Netscape, but all major browsers now support them.
Cookie types: session cookies and persistent cookies
A session cookie is a temporary cookie that records a user's settings and preferences while the user visits a site. When the user exits the browser, the session cookie is deleted.
Persistent cookies live longer. They are stored on disk and survive browser exits and computer restarts. Persistent cookies are usually used to retain a configuration profile or login name for a site that the user visits periodically.
The only difference between session cookies and persistent cookies is when they expire.
A cookie is a session cookie if its Discard parameter is set, or if neither the Expires nor the Max-Age parameter is set to indicate an extended expiration time.
To create a persistent cookie, you must set the Expires or Max-Age parameter.
Cookie composition and versions
Two versions of the cookie specification are currently in use: cookie version 0 (sometimes known as Netscape cookies) and cookie version 1 (RFC 2965).
Cookie version 1 is an extension of cookie version 0 and is not as widely used as version 0.
Neither cookie version 0 nor cookie version 1 is documented as part of the HTTP/1.1 specification.
Title | Description | Location
Persistent Client State: HTTP Cookies | Original Netscape cookie standard | http://home.netscape.com/newsref/std/cookie_spec.html
RFC 2965: HTTP State Management Mechanism | Cookie standard of October 2000; obsoletes RFC 2109 | http://www.ietf.org/rfc/rfc2965.txt
Cookies version 0 (Netscape)
Version 0 defines the Set-Cookie response header, the Cookie request header, and the fields used to control cookies.
Version 0 Set-Cookie header
The Set-Cookie header has a mandatory cookie name and cookie value, followed by optional cookie attributes separated by semicolons.
Set-Cookie attributes
Set-Cookie attribute | Description and example
NAME=VALUE | Mandatory. Both NAME and VALUE are sequences of characters that, unless enclosed in double quotes, contain no semicolons, commas, equal signs or whitespace. The web server can create any NAME=VALUE association, which is sent back to the web server on subsequent visits to the site: Set-Cookie: Customer=Mary
Expires | Optional. This attribute specifies a date string that defines the actual lifetime of the cookie. Once the expiration date is reached, the cookie is no longer stored or sent. The date format is: Weekday, DD-Mon-YY HH:MM:SS GMT. The only valid time zone is GMT, and the separators between the date elements must be dashes. If Expires is not specified, the cookie expires at the end of the user's session: Set-Cookie: Foo=bar; expires=Wednesday, 09-Nov-99 23:12:30 GMT
Domain | Optional. The browser sends the cookie only to server host names in the specified domain. This lets the server restrict the cookie to a specific domain. The acme.com domain matches anvil.acme.com and shipping.crate.acme.com, but does not match www.cnn.com. Only hosts within the specified domain can set a cookie for that domain. Domains must contain at least two or three periods, to rule out domains of the form .com, .edu and va.us. Domains that fall within a fixed set of special top-level domains need only two periods; all other domains need at least three. The special top-level domains are: .com, .edu, .net, .org, .gov, .mil, .int, .biz, .info, .name, .museum, .coop, .aero and .pro. If no domain is specified, it defaults to the host name of the server that generated the Set-Cookie response: Set-Cookie: Shipping=FedEx; domain="jose-hardware.com"
Path | Optional. This attribute assigns the cookie to particular documents on the server. If the Path attribute is a prefix of the URL path, the cookie can be attached to the request. The path "/foo" matches "/foobar" and "/foo/bar.html". The path "/" matches everything in the domain. If no path is specified, it is set to the path of the URL that generated the Set-Cookie response: Set-Cookie: lastorder=00183; path=/orders
Secure | Optional. If this attribute is included, the cookie is sent only when HTTP is using an SSL secure connection: Set-Cookie: private_id=733; secure
Version 0 Cookie header
When the client sends a request, it includes all unexpired cookies that match the domain, path and secure filters for the site. All of these cookies are combined into a single Cookie header:
Cookie: session-id=002-2222233-2233322; session-id-time=1033949384
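The version 0 rules above can be exercised end to end. The following Python sketch is an added example, not code from the original page: it parses Set-Cookie values, applies the period-count and "setter must be inside the domain" checks, and builds the Cookie header for a request. The function names, the sample cookies and the choice to count periods with a leading dot are assumptions made for the illustration.

```python
from datetime import datetime, timezone

# Top-level domains for which the page says two periods are enough.
TWO_PERIOD_TLDS = {"com", "edu", "net", "org", "gov", "mil", "int", "biz",
                   "info", "name", "museum", "coop", "aero", "pro"}

def parse_set_cookie(value, origin_host, origin_path):
    """Parse a version 0 Set-Cookie value; the origin supplies domain/path defaults."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name, _, val = first.partition("=")
    c = {"name": name.strip(), "value": val.strip(), "path": origin_path,
         "domain": origin_host.lower(), "secure": False, "expires": None}
    for key, _, v in (a.partition("=") for a in attrs):
        key, v = key.strip().lower(), v.strip().strip('"')
        if key == "secure":
            c["secure"] = True
        elif key in ("path", "domain"):
            c[key] = v.lower().lstrip(".") if key == "domain" else v
        elif key == "expires":  # Weekday, DD-Mon-YY HH:MM:SS GMT
            c["expires"] = datetime.strptime(
                v, "%A, %d-%b-%y %H:%M:%S GMT").replace(tzinfo=timezone.utc)
    return c

def domain_match(host, domain):
    """Tail match: acme.com covers anvil.acme.com but not www.cnn.com."""
    return host.lower() == domain or host.lower().endswith("." + domain)

def acceptable(cookie, origin_host):
    """Set-time check: setter inside the domain, and the domain not too broad."""
    d = cookie["domain"]
    if d == origin_host.lower():  # no Domain attribute given: host-only cookie
        return True
    needed = 2 if d.rsplit(".", 1)[-1] in TWO_PERIOD_TLDS else 3
    # Assumption: periods are counted with a leading dot, as in ".acme.com".
    return domain_match(origin_host, d) and ("." + d).count(".") >= needed

def cookie_header(jar, host, path, https, now):
    """Build the version 0 Cookie header for one request (None if nothing matches)."""
    sent = [f'{c["name"]}={c["value"]}' for c in jar
            if domain_match(host, c["domain"])
            and path.startswith(c["path"])  # plain prefix: /foo also covers /foobar
            and (https or not c["secure"])
            and (c["expires"] is None or c["expires"] > now)]
    return "Cookie: " + "; ".join(sent) if sent else None

# Constructed sample: four Set-Cookie values received from www.acme.com at path "/".
JAR = [c for c in (parse_set_cookie(v, "www.acme.com", "/") for v in (
    "lastorder=00183; path=/foo", "private_id=733; secure",
    "Foo=bar; domain=acme.com; expires=Wednesday, 09-Nov-99 23:12:30 GMT",
    "track=1; domain=.com")) if acceptable(c, "www.acme.com")]
```

The `track` cookie never enters the jar because `.com` has too few periods, and `lastorder` is sent for `/foobar` because Path is a string prefix rather than a directory boundary.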
Cookies version 1 (RFC 2965)
RFC 2965 defines an extended version of cookies. This version 1 standard introduces the Set-Cookie2 and Cookie2 headers. It is slightly more complex than the original Netscape standard and is not yet fully supported.
Changes:
1. Associates explanatory text with each cookie to explain its purpose
2. Allows a cookie to be forcibly destroyed when the browser exits, regardless of its expiration time
3. Expresses the Max-Age of a cookie in relative seconds instead of absolute dates
4. Can filter cookies by the URL port number, not just by domain and path
5. Adds a version number for interoperability
6. Uses a $ prefix in the Cookie header to distinguish additional keywords from cookie names
The syntax of cookie version 1 is as follows:

    set-cookie      = "Set-Cookie2:" cookies
    cookies         = 1#cookie
    cookie          = NAME "=" VALUE *(";" set-cookie-av)
    NAME            = attr
    VALUE           = value
    set-cookie-av   = "Comment" "=" value
                    | "CommentURL" "=" <"> http_URL <">
                    | "Discard"
                    | "Domain" "=" value
                    | "Max-Age" "=" value
                    | "Path" "=" value
                    | "Port" [ "=" <"> portlist <"> ]
                    | "Secure"
                    | "Version" "=" 1*DIGIT
    portlist        = 1#portnum
    portnum         = 1*DIGIT

    cookie          = "Cookie:" cookie-version 1*((";" | ",") cookie-value)
    cookie-value    = NAME "=" VALUE [";" path] [";" domain] [";" port]
    cookie-version  = "$Version" "="
    NAME            = attr
    VALUE           = value
    path            = "$Path" "=" value
    domain          = "$Domain" "=" value
    port            = "$Port" [ "=" <"> value <"> ]

    cookie2         = "Cookie2:" cookie-version

Version 1 Set-Cookie2 header
Set-Cookie2 attribute | Description and example
NAME=VALUE | Mandatory. The web server can create any NAME=VALUE association, which is sent back to the web server on subsequent visits to the site. "$" is a reserved character, so the name must not begin with it.
Version | Mandatory. The value of this attribute is an integer corresponding to the version of the cookie specification. RFC 2965 is version 1: Set-Cookie2: Part="rocket_launcher_0001"; Version="1"
Comment | Optional. This attribute documents how the server intends to use the cookie. The user can inspect this policy to decide whether to permit a session with this cookie. The value must be UTF-8 encoded.
CommentURL | Optional. This attribute provides a URL pointer to a document that describes the purpose and policy of the cookie in detail. The user can inspect this policy to decide whether to permit a session with this cookie.
Discard | Optional. If this attribute is present, it instructs the client to discard the cookie when the client program terminates.
Domain | Optional. The browser sends the cookie only to server host names in the specified domain. This lets the server restrict the cookie to a specific domain. The acme.com domain matches the host names anvil.acme.com and shipping.crate.acme.com, but does not match www.cnn.com. The domain-matching rules are basically the same as for Netscape cookies, with a few additional rules.
Max-Age | Optional. The value of this attribute is an integer that sets the lifetime of the cookie in seconds. The client should calculate the age of the cookie according to the HTTP/1.1 age-calculation rules and discard the cookie when its age exceeds Max-Age. A value of zero means the cookie should be discarded immediately.
Path | Optional. This attribute assigns the cookie to particular documents on the server. If the Path attribute is a prefix of the URL path, the cookie can be attached to the request. The path "/foo" matches "/foobar" and "/foo/bar.html". The path "/" matches everything in the domain. If no path is specified, it is set to the path of the URL that generated the Set-Cookie response.
Port | Optional. This attribute can stand alone as a keyword, or it can carry a comma-separated list of ports to which the cookie may be applied. If a port list is present, the cookie can be served only to servers whose port matches one of the ports in the list. If the Port keyword is given alone, without a value, the cookie can be served only to the port number of the currently responding server.
Secure | Optional. If this attribute is included, the cookie is sent only when HTTP is using an SSL secure connection.
Version 1 Cookie header
Version 1 cookies carry back additional information about each cookie that is sent, describing the filters that each cookie passed. Each matching cookie must include any Domain, Port or Path attributes from the corresponding Set-Cookie2 header.
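The version 1 additions (Max-Age, Discard, Port, and the $-prefixed attributes echoed in the Cookie header) can be seen working together in the following Python sketch. It is an added example, not code from the original page; the function names, the integer clock in seconds and the sample Set-Cookie2 values are assumptions, and domain and path filtering are left out to keep the focus on what version 1 adds.

```python
import re

def parse_set_cookie2(value):
    """Split a Set-Cookie2 value into (name, value, attrs); quoted values may hold commas."""
    pairs = re.findall(r'\s*([^=;\s]+)\s*(?:=\s*("[^"]*"|[^;]*))?\s*(?:;|$)', value)
    (name, val), attrs = pairs[0], {}
    for key, v in pairs[1:]:
        attrs[key.lower()] = v.strip().strip('"')
    return name, val.strip().strip('"'), attrs

def store(value, now, server_port):
    """Apply Version, Max-Age, Discard and Port; None means the cookie is not kept."""
    name, val, a = parse_set_cookie2(value)
    max_age = int(a["max-age"]) if "max-age" in a else None
    if a.get("version") != "1" or max_age == 0:  # Version is mandatory; 0 = discard now
        return None
    ports = None                                  # None: no port restriction
    if "port" in a:                               # bare Port: responding server's port only
        ports = {int(p) for p in a["port"].split(",")} if a["port"] else {server_port}
    return {"name": name, "value": val, "attrs": a, "ports": ports,
            "expires": None if max_age is None else now + max_age,
            "session": "discard" in a or max_age is None}

def restart(jar):
    """Browser exit: session cookies go, even if their Max-Age has not run out."""
    return [c for c in jar if not c["session"]]

def cookie_header_v1(jar, port, now):
    """Version 1 Cookie header: each cookie echoes the Path/Domain/Port it was set with."""
    out = []
    for c in jar:
        expired = c["expires"] is not None and now > c["expires"]
        wrong_port = c["ports"] is not None and port not in c["ports"]
        if expired or wrong_port:
            continue
        item = f'{c["name"]}="{c["value"]}"'
        for key in ("path", "domain", "port"):
            if key in c["attrs"]:
                v = c["attrs"][key]
                item += f'; ${key.capitalize()}' + (f'="{v}"' if v else "")
        out.append(item)
    return 'Cookie: $Version="1"; ' + "; ".join(out) if out else None

# Constructed sample: three Set-Cookie2 values received at time 0 from a server on port 80.
JAR = [c for c in (store(v, now=0, server_port=80) for v in (
    'Part="rocket_launcher_0001"; Version="1"; Path="/parts"; Port="80,8080"; Max-Age=3600',
    'Cart="c42"; Version="1"; Max-Age=3600; Discard',
    'Old="x"; Version="1"; Max-Age=0')) if c]
```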