标签:set name 220505 will How cookie Cookie works sent
目录How does cookie works?
As we know that a cookie is a small and non-edible plain text file. It is stored in the browse, to be more precise, stored in the client side local. It simply contains a small amount of data. (location of cookie)
The data in the cookie is sent over by the server, and It will be used in subsequent requests as an identifier of sorts. Cookies are mainly used to remember state(log in state, shopping cart items, user preferences etc.)
How cookie be setted ?
Cookies are created when the server sends over one or more Set-Cookie
headers with its response:
Set-Cookie: NAME=VALUE
It could be any name-value pair, but each cookie can contain only 1 name-value pair. If you need more than 1 cookie, then multiple Set-Cookie
headers are needed, like :
HTTP/2.0 200 OK
Content-Type: text/html
Set-Cookie: viola=red_panda
Set-Cookie: mathia=polar_bear
Once the cookie is set, all subsequent requests to the server next will also have the cookies in its request header.
GET /subsequnt/example/ HTTP/2
Host: example.com
Cookie: viola=red_panda; mathia=polar_bear
Even though cookies are usually created on the server, you cao also create them on the client-side with JavaScript, using document.cookie
.
Browser cookies also have a number of attributes in addition to the name-value pair mentioned earliler.
Cookie attributes
Adding special prefixes to the cookie name also forces execute certain requirements.
- If your cookie name starts with
__Secure-
: it must be set with thesecure
flag from a page served withHTTPS
. - If your cookie name starts with
__Host-
: it must be set with thesecure
flag from a page served withHTTPS
, and must not have a domain specified and its path must be/
.
The rest of the attributes are optional but can impact cookie behaviour signigicantly depending on what values are set.
Expires=<date>
: When a cookie passes its expiry date, it will no longer be sent with browser requests, and instead will be deleted. The date value is a HTTP timestamp.Max-Age=<number>
: Also related to a cookie's expiry, but in seconds. After the specified amount of time, the cookie will expire, so setting it to 0 or negative number means instant expiry.Max-Age
takes precedence overExpires
is both are set.Domain=<domain-value
: Specifies the host where the browser cookie gets sent to. Only a single domain is allowed. If not present, this defaults to the current document URL's host. When specified, all sub-domains are included as well.Path=<path-value>
: Cookie will only be sent if the path exists in the current URL.Secure
: Cookie will only be sent when the request is made with HTTPS.HttpOnly
: JavaScript cannot access the cookie throughdocument.cookie
(to mitigate XSS attacks)SameSite=<samesite-value>
: Specifies if a cookie is sent with cross-origin-request.Strict
: means the cookie is only sent for requests originating from the same URL as the current one.Lax
: means the cookie is not sent on cross-site requests, bull will be sent if the user navigates to the origin site from an external site.None
: means the cookie will be sent on both samesite and cross-site requests, but can only be used if theSecure
attribute is also set.
Set and Get rid of cookie
To create a new cookie, you can do something like this :
document.cookie = "example=hello_cookie"
If you want more, you can do this repeatly.
To reset cookie, or get rid of cookie, you can set it expire attribute:
documen.cookie = "example=hello;expires=Thu, 01 Jan 1970 00:00:00 GMT"
标签:set,name,220505,will,How,cookie,Cookie,works,sent 来源: https://www.cnblogs.com/jaycethanks/p/16227655.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。