我正在写一个小的类,它作为一个非常基本的HTTP客户端。作为项目的一部分,我的工作,我做它使用网站了解。不过,目前还不清楚,我当我的客户端接收多个具有相同的键,但不同的价值观设置Cookie标头设置会发生什么。
I'm writing a small class that acts as a very basic HTTP client. As part of a project I'm working on, I'm making it cookie aware. However, it's unclear to me what happens when my client receives multiple "Set-Cookie" headers with the same key but different values are set.
例如,
Set-Cookie: PHPSESSID=abc; path=/ Set-Cookie: PHPSESSID=def; path=/ Set-Cookie: PHPSESSID=ghi; path=/的这些哪一个被认为是为PHPSESSID值?这通常结束意外事件发生,当你调用session_start(),然后session_regenerate_id()在同一页上。每个会将它自己的头。所有的浏览器似乎做好这个问题,但我似乎无法让我的客户选择是正确的了。
Which one of these is supposed to be the value for PHPSESSID? This usually ends up happening when you call session_start() and then session_regenerate_id() on the same page. Each will set its own header. All browsers seem to do okay with this, but I can't seem to get my client to pick the right one out.
任何想法?!
推荐答案RFC 6265第4.1.2节规定:
如果用户代理接收到相同的cookie名,结果一个新的cookie 域值,和路径值作为cookie它已经存储,搜索 现有的cookie将被驱逐,并与新的cookie替换。结果 请注意,服务器可以通过发送用户代理一个结果删除Cookie 与新的cookie过期属性在过去的值。
If the user agent receives a new cookie with the same cookie-name, domain-value, and path-value as a cookie that it has already stored, the existing cookie is evicted and replaced with the new cookie. Notice that servers can delete cookies by sending the user agent a new cookie with an Expires attribute with a value in the past.
所以,我将处理在给定的顺序头和覆盖他们,如果有一个重复。所以你的情况,你将有只有一个PHPSESSID = GHI。
So I would process the headers in order given and overwrite them if there is a duplicate. So in your case you would have just one PHPSESSID=ghi.
更多推荐
在HTTP多的Set
发布评论