我有一个正在为 example.com 生成 cookie 的网站。它可以在 Firefox、Chrome 18 和 Safari 中访问 http://example.com和 http://www.example.com 。但是,我无法从 http://test.me.example.com 访问 cookie在 webkit 派生的浏览器中。它可以在 Firefox 中运行。
当从 javascript 设置 cookie 时,我已经使用 example.com 和 .example.com 之一的domain= 对此进行了测试。
cookie 的路径为/并设置了过期时间。
最佳答案
如何指定子域? Chrome 要求子域的 cookie 以点为前缀 例如域名=.example.com
您可能会发现这篇文章有用:https://serverfault.com/questions/153409/can-subdomain-example-com-set-a-cookie-that-can-be-read-by-example-com
Quoting from the same RFC2109 you read:
* A Set-Cookie from request-host x.foo.com for Domain=.foo.com would be accepted.
So subdomain.example.com can set a cookie for .example.com. So far so good.
The following rules apply to choosing applicable cookie-values from among all the cookies the user agent has. Domain Selection The origin server's fully-qualified host name must domain-match the Domain attribute of the cookie
So do we have a domain-match?
- A is a FQDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a FQDN string. (So, x.y.com domain-matches .y.com but not y.com.) But now example.com wouldn't domain-match .example.com according to the definition. But www.example.com (or any other "non-empty name" in the domain) > > would. This RFC is in theory obsoleted by RFC2965, which dictated things about forcing a leading dot for domains on Set-Cookie2 operations.
More important, as noted by @Tony, is the real world. For a glimpse into what actual user agents are doing, see
Firefox 3's nsCookieService.cpp and
Chrome's cookie_monster.cc For perspective into what actual sites are doing, try playing with wget using > --save-cookies, --load-cookies, and --debug to see what's going on.
You'll likely find that in fact most sites are using some combination of Set-> > Cookie from the older RFC spec with "Host" values, implicitly without a leading dot (as twitter.com does) or setting Domain values (with a leading dot) and redirecting to a server like www.example.com (as google.com does).
关于javascript - 为什么 Chrome 和 Safari 看不到某些子域的 cookie?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10438165/