To learn how cookies work, you must read rfc2109.txt and rfc2965.txt.
To prevent possible security or privacy violations, a user agent
rejects a cookie (shall not store its information) if any of the
following is true:
* The value for the Path attribute is not a prefix of the request-URI.
* The value for the Domain attribute contains no embedded dots or does not start with a dot.
* The value for the request-host does not domain-match the Domain attribute.
* The request-host is a FQDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
Examples:
* A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com would be rejected, because H is y.x and contains a dot.
* A Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted.
* A Set-Cookie with Domain=.com or Domain=.com., will always be rejected, because there is no embedded dot.
* A Set-Cookie with Domain=ajax.com will be rejected because the value for Domain does not begin with a dot.
The English passage above describes the situations in which a browser rejects a cookie sent by the server.
Cookie data structure: key, path, domain, max-age
Cookie ownership: a cookie belongs first to a path, then to a domain.
Usage notes:
- Avoid using cookies with the same name in a parent path and a child path;
- To modify a parent-path cookie from a child path, you must explicitly specify the cookie's Path attribute;
- At the domain level, a subdomain can set a cookie for its parent domain; the reverse does not hold.
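The following is an added example, not code from the original note or from the RFCs: it implements the four RFC 2109 rejection rules quoted above as a user-agent-side check, and runs the RFC's own Set-Cookie examples plus the parent/child domain rule from the usage notes through it. The helper names (parse_set_cookie, domain_match, reject_reason) and the sample headers are this example's own constructions.

```python
import ipaddress

# Added example: evaluate a Set-Cookie header against the RFC 2109 rejection
# rules from the perspective of the user agent (the browser storing the cookie).


def parse_set_cookie(header):
    """Split 'name=value; Attr=val; ...' into a dict; attribute keys are lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def is_ip_address(host):
    """True if the request-host is an IP literal rather than a FQDN."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 2109 domain-match: the strings are equal, or host has the form N + domain
    with N non-empty and domain beginning with a dot."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return domain.startswith(".") and host.endswith(domain) and len(host) > len(domain)


def reject_reason(request_host, request_path, set_cookie_header):
    """Return None if the user agent may store the cookie, otherwise a short
    label naming the RFC 2109 rule that rejects it."""
    cookie = parse_set_cookie(set_cookie_header)
    path = cookie.get("path")
    domain = cookie.get("domain")

    # Rule 1: the Path attribute must be a prefix of the request-URI path.
    if path is not None and not request_path.startswith(path):
        return "path-not-prefix"

    if domain is not None:
        domain = domain.lower()
        # Rule 2: Domain must start with a dot and contain an embedded dot;
        # a trailing dot (as in '.com.') does not count as embedded.
        if not domain.startswith("."):
            return "domain-no-leading-dot"
        if "." not in domain[1:].rstrip("."):
            return "domain-no-embedded-dot"
        # Rule 3: the request-host must domain-match the Domain attribute.
        if not domain_match(request_host, domain):
            return "host-does-not-domain-match"
        # Rule 4: for a FQDN request-host of the form HD, H must not contain a dot.
        if not is_ip_address(request_host):
            h = request_host.lower()[: -len(domain)]
            if "." in h:
                return "host-prefix-contains-dot"
    return None


if __name__ == "__main__":
    # Constructed cases mirroring the RFC examples and the usage notes above.
    cases = [
        ("y.x.foo.com", "/", "sid=1; Domain=.foo.com"),
        ("x.foo.com", "/", "sid=1; Domain=.foo.com"),
        ("x.foo.com", "/", "sid=1; Domain=.com"),
        ("x.foo.com", "/", "sid=1; Domain=.com."),
        ("x.foo.com", "/", "sid=1; Domain=ajax.com"),
        ("x.foo.com", "/app/", "sid=1; Path=/admin"),
        ("foo.com", "/", "sid=1; Domain=.x.foo.com"),  # parent cannot set for a subdomain
    ]
    for host, req_path, header in cases:
        print(f"{host} {req_path} {header!r} -> {reject_reason(host, req_path, header)}")
```

The last constructed case shows the direction rule from the usage notes: x.foo.com may set Domain=.foo.com (accepted), but foo.com may not set Domain=.x.foo.com, because the request-host does not domain-match the Domain attribute.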
To be continued