I'm using Laravel 4 to develop my application. But I have some problems with setting cookies. Here is some code in app/routes.php:

    Route::get('/', function(){
        // Set a cookie before a response has been created ??
        Cookie::queue('test0', '123', 10);

        $app = App::getFacadeApplication();
        $version = $app::VERSION;

        //Creating Custom Responses
        $response = Response::make("<html><body>
            Version: $version <br/>
            <script type=\"text/javascript\">
                document.write(document.cookie);
            </script>
            </body></html>", 200);

        $response->withCookie(Cookie::make('test1', '0123', 10));

        //Queue after response created
        Cookie::queue('test2', '123', 10);
        Cookie::queue('test3', '123', 10);

        setcookie('test4', '123', time() + 60*10);

        return $response->withCookie(Cookie::make('test5', '0123', 10));
    });

But when I run this code, it doesn't set all the values. Here is my result:

Only the PHP built-in function works; any other function like Cookie::queue or withCookie didn't work for me, but in the "Cookies set by this page" popup, as in the image above, it still has all the cookie values. So, what is the problem here? And why is the value of test2 not '123'?
Best answer
This is because the cookie you set is an HttpOnly cookie.
HttpOnly cookies can only be used when transmitted via HTTP (or HTTPS). They are not accessible through non-HTTP APIs such as JavaScript. This restriction mitigates, but does not eliminate, the threat of session cookie theft via cross-site scripting (XSS). HttpOnly cookies are supported by most modern browsers.
The Cookie::make() method takes seven parameters. You can set httpOnly (default is true) to false in Laravel.

    Cookie::make($name, $value, $minutes, $path, $domain, $secure, $httpOnly);

Edit

In Laravel, the cookie value is automatically encrypted with the key which is set in app/config/app.php for security reasons. To get what you want to do, you need to follow these two ways:

Just use the traditional setCookie method in PHP.

    setcookie($name, $value, $expire, $path, $host, $secure, $httpOnly);

Otherwise, you can use this tricky way: Accessing unencrypted cookies
Hope it will be useful for you.
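The behaviour described in the answer, as an added example that is not part of the original question or answer: a Node.js script that parses constructed Set-Cookie headers for the six cookies in the question and shows why document.cookie prints only test4 while the browser's cookie popup lists all of them. The header strings, the ENC_PLACEHOLDER values and the function names are assumptions made for illustration; path, domain and expiry matching are not modelled.

```javascript
// Added example. Header values are constructed; the ENC_PLACEHOLDER_* strings
// stand in for the encrypted values Laravel puts on the wire.
const appValues = { test0: '123', test1: '0123', test2: '123',
                    test3: '123', test4: '123', test5: '0123' };

const sampleHeaders = [
  'test0=ENC_PLACEHOLDER_0; Max-Age=600; path=/; httponly',
  'test1=ENC_PLACEHOLDER_1; Max-Age=600; path=/; httponly',
  'test2=ENC_PLACEHOLDER_2; Max-Age=600; path=/; httponly',
  'test3=ENC_PLACEHOLDER_3; Max-Age=600; path=/; httponly',
  'test5=ENC_PLACEHOLDER_5; Max-Age=600; path=/; httponly',
  'test4=123; Max-Age=600', // plain setcookie(): no HttpOnly, no encryption
];

// Split one Set-Cookie header into name, value and the HttpOnly flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const flags = attrs.map((a) => a.split('=')[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.includes('httponly'),
  };
}

// What document.cookie would return: HttpOnly cookies are withheld from script.
function documentCookieView(headers) {
  return headers.map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Per-cookie report: readable by script? does the wire value equal what the app set?
function auditCookies(headers, expected) {
  return headers.map(parseSetCookie).map((c) => ({
    name: c.name,
    scriptReadable: !c.httpOnly,
    valueAsSet: c.value === expected[c.name],
  }));
}

console.log('document.cookie ->', documentCookieView(sampleHeaders));
console.table(auditCookies(sampleHeaders, appValues));
```

The same report can be run against the Set-Cookie headers of a captured response to confirm that session cookies keep HttpOnly and that only cookies a page script needs are readable.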