HTTP Cookie

An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The browser may store it and send it back with the next request to the same server. 

Typically, it's used to tell if two requests came from the same browser — keeping a user logged-in.

It remembers stateful information for the stateless HTTP protocol.

 

Cookie attributes

　　Domain and path

　　Set-Cookie: HSID=AYQEVn…DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly 

　　Expires and Max-Age

　　The Expires attribute defines a specific date and time for when the browser should delete the cookie. 
　　the Max-Age attribute can be used to set the cookie's expiration as an interval of seconds in the future.　　

　　Secure and HttpOnly

　　The Secure and HttpOnly attributes do not have associated values. Rather, the presence of just their attribute names indicates that their behaviors should be enabled.

Server -> Client : set-cookie field

　　The Set-Cookie HTTP response header sends cookies from the server to the user agent. A simple cookie is set like this:

　　Set-Cookie: <cookie-name>=<cookie-value> 　

　　Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2018 07:28:00 GMT;

Client -> Server: Cookie field

　　Cookie: name=value; name2=value2; name3=value3

Solution for client browser disabled cookies

　　1.URL rewrite

　　2.Form submit rewrite.

 

　　

 

转载于:https://www.cnblogs.com/full-stack-engineer/p/8372514.html