About RFC 2109

1. Abstract: the RFC mainly covers the Cookie and Set-Cookie headers, which carry session state between the user and the server.

2. The origin server effectively ends a session by sending the client a Set-Cookie header with Max-Age=0. The syntax for the Set-Cookie response header is:

   set-cookie      =       "Set-Cookie:" cookies
   cookies         =       1#cookie
   cookie          =       NAME "=" VALUE *(";" cookie-av)
   NAME            =       attr
   VALUE           =       value
   cookie-av       =       "Comment" "=" value
                   |       "Domain" "=" value
                   |       "Max-Age" "=" value
                   |       "Path" "=" value
                   |       "Secure"
                   |       "Version" "=" 1*DIGIT

3. Comment=comment
   Optional. Because cookies can contain private information about a user, the Comment attribute allows an origin server to document its intended use of a cookie. The user can inspect the information to decide whether to initiate or continue a session with this cookie.
   Because cookies contain a user's private information, this attribute records what the server intends to use the cookie for; the user can inspect it to decide whether to use the cookie for the session.

4. Domain=domain
   Optional. The Domain attribute specifies the domain for which the cookie is valid. An explicitly specified domain must always start with a dot.
   The Domain attribute describes which domain the cookie is valid for; an explicitly specified domain starts with a ".".

5. Max-Age=delta-seconds
   Optional. The Max-Age attribute defines the lifetime of the cookie, in seconds. The delta-seconds value is a decimal non-negative integer. After delta-seconds seconds elapse, the client should discard the cookie. A value of zero means the cookie should be discarded immediately.
   The Max-Age attribute gives the cookie's lifetime as a decimal non-negative integer. When that time has elapsed, the client discards the cookie; a value of 0 means the cookie must be discarded immediately.

6. Path=path
   Optional. The Path attribute specifies the subset of URLs to which this cookie applies.
   The Path attribute gives the subset of URLs the cookie applies to.

7. Secure
   Optional. The Secure attribute (with no value) directs the user agent to use only (unspecified) secure means to contact the origin server whenever it sends back this cookie. The user agent (possibly under the user's control) may determine what level of security it considers appropriate for "secure" cookies.
   The Secure attribute should be considered security advice from the server to the user agent, indicating that it is in the session's interest to protect the cookie contents.
   The Secure attribute (it carries no value) means the user agent contacts the server only by some unspecified secure means, and sends this cookie back over that channel.

8. Version=version
   Required. The Version attribute, a decimal integer, identifies to which version of the state management specification the cookie conforms. For this specification, Version=1 applies.

9. The origin server should send the following additional HTTP/1.1 response headers, depending on circumstances:
   * To suppress caching of the Set-Cookie header: Cache-control: no-cache="set-cookie".
   and one of the following:
   * To suppress caching of a private document in shared caches: Cache-control: private.
   * To allow caching of a document and require that it be validated before returning it to the client: Cache-control: must-revalidate.
   * To allow caching of a document, but to require that proxy caches (not user agent caches) validate it before returning it to the client: Cache-control: proxy-revalidate.
   * To allow caching of a document and request that it be validated before returning it to the client (by "pre-expiring" it): Cache-control: max-age=0. Not all caches will revalidate the document in every case.
   Depending on whether the cookie is shared or not, the revalidation cases above apply.

10. Notes on the default values of the cookie attributes:
   Version: Defaults to "old cookie" behavior as originally specified by Netscape. See the HISTORICAL section.
   Domain: Defaults to the request-host. (Note that there is no dot at the beginning of request-host.)
   Max-Age: The default behavior is to discard the cookie when the user agent exits.
   Path: Defaults to the path of the request URL that generated the Set-Cookie response, up to, but not including, the right-most /.
   Secure: If absent, the user agent may send the cookie over an insecure channel.

11. Rejecting Cookies (cookie rejection)
   To prevent possible security or privacy violations, a user agent rejects a cookie (shall not store its information) if any of the following is true:
   * The value for the Path attribute is not a prefix of the request-URI.
   * The value for the Domain attribute contains no embedded dots or does not start with a dot.
   * The value for the request-host does not domain-match the Domain attribute.
   * The request-host is a FQDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
   Examples:
   * A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot.
   * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted.
   * A Set-Cookie with Domain=.com or Domain=.com., will always be rejected, because there is no embedded dot.
   * A Set-Cookie with Domain=ajax.com will be rejected because the value for Domain does not begin with a dot.

12. Sending Cookies to the Origin Server
   When it sends a request to an origin server, the user agent sends a Cookie request header to the origin server if it has cookies that are applicable to the request, based on
   * the request-host;
   * the request-URI;
   * the cookie's age.
   The syntax for the header is:

   cookie          =       "Cookie:" cookie-version 1*((";" | ",") cookie-value)
   cookie-value    =       NAME "=" VALUE [";" path] [";" domain]
   cookie-version  =       "$Version" "=" value
   NAME            =       attr
   VALUE           =       value
   path            =       "$Path" "=" value
   domain          =       "$Domain" "=" value

13. Implementation Limits
   Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:
   * at least 300 cookies
   * at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
   * at least 20 cookies per unique host or domain name
   User agents created for specific purposes or for limited-capacity devices should provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.

14. Protocol Design
   We consider it acceptable for hosts host1.foo.com and host2.foo.com to share cookies, but not a.com and b.com.
   Cookies cannot be used across domains.
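As an added example (not from the original post or from the RFC itself), here is a small Python checker that splits a Set-Cookie value according to the grammar in item 2, fills in the Domain and Path defaults from item 10, and applies the four rejection rules of item 11; the hosts it is exercised with are the ones the RFC examples list. The function and parameter names are my own.

```python
import ipaddress


def parse_set_cookie(header):
    """Split NAME=VALUE *(";" cookie-av) into (name, value, {attr: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for av in parts[1:]:
        key, _, val = av.partition("=")  # "Secure" has no "=" and therefore no value
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def default_path(request_uri):
    """Default Path: the request path up to, but not including, the right-most '/'."""
    return request_uri.rsplit("/", 1)[0]


def domain_match(host, domain):
    """RFC 2109 domain-match: names equal, or host is N + domain where domain starts with a dot."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return domain.startswith(".") and host.endswith(domain) and len(host) > len(domain)


def is_ip_address(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def reject_reason(request_host, request_uri, set_cookie):
    """Return None if the user agent may store the cookie, otherwise the rule that rejected it."""
    _name, _value, attrs = parse_set_cookie(set_cookie)
    path = attrs.get("path", default_path(request_uri))  # Domain defaults to request-host, so no check
    if not request_uri.startswith(path):
        return "Path is not a prefix of the request-URI"
    if "domain" in attrs:
        domain = attrs["domain"]
        # Embedded dots lie strictly between the first and last character: ".com" and ".com." have none.
        if not domain.startswith(".") or "." not in domain[1:-1]:
            return "Domain has no embedded dot or does not start with a dot"
        if not domain_match(request_host, domain):
            return "request-host does not domain-match Domain"
        h = request_host[: -len(domain)]  # request-host = H + D after a successful domain-match
        if not is_ip_address(request_host) and "." in h:
            return "request-host has the form HD with a dot in H"
    return None
```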