https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Domain=<domain-value> Optional

Specifies those hosts to which the cookie will be sent.

If not specified, defaults to the host portion of the current document location (but not including subdomains).

Contrary to earlier specifications, leading dots in domain names are ignored.

If a domain is specified, subdomains are always included.

Path=<path-value> Optional

Indicates a URL path that must exist in the requested resource before sending the Cookie header.

The %x2F ("/") character is interpreted as a directory separator and sub directories will be matched as well (e.g. path=/docs, "/docs", "/docs/Web/", or "/docs/Web/HTTP" will all be matched).

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Scope of cookies

The Domain and Path directives define the scope of the cookie: what URLs the cookies should be sent to.

Domain specifies allowed hosts to receive the cookie.

If unspecified, it defaults to the host of the current document location, excluding subdomains.

If Domain is specified, then subdomains are always included.

For example, if Domain=mozilla.org is set, then cookies are included on subdomains like developer.mozilla.org.

Path indicates a URL path that must exist in the requested URL in order to send the Cookie header. The %x2F ("/") character is considered a directory separator, and subdirectories will match as well.

For example, if Path=/docs is set, these paths will match:

  • /docs
  • /docs/Web/
  • /docs/Web/HTTP

subdomain

https://en.wikipedia.org/wiki/Subdomain

A subdomain is a domain that is part of a larger domain; the only domain that is not also a subdomain is the root domain.[1]

For example, west.example.com and east.example.com are subdomains of the example.com domain, which in turn is a subdomain of the com top-level domain (TLD).

A "subdomain" expresses relative dependence, not absolute dependence: for example, wikipedia.org comprises a subdomain of the org domain, and en.wikipedia.org comprises a subdomain of the domain wikipedia.org.

https://en.wikipedia.org/wiki/HTTP_cookie

Cookie attributes

In addition to a name and value, cookies can also have one or more attributes.

Browsers do not include cookie attributes in requests to the server—they only send the cookie's name and value.

Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie to the server.

Domain and path

The Domain and Path attributes define the scope of the cookie. They essentially tell the browser what website the cookie belongs to. For obvious security reasons, cookies can only be set on the current resource's top domain and its sub domains, and not for another domain and its sub domains.

For example, the website example.org cannot set a cookie that has a domain of foo.com because this would allow the example.org website to control the cookies of foo.com.

If a cookie's Domain and Path attributes are not specified by the server, they default to the domain and path of the resource that was requested.[36] However, in most browsers there is a difference between a cookie set from foo.com without a domain, and a cookie set with the foo.com domain. In the former case, the cookie will only be sent for requests to foo.com, also known as a host-only cookie. In the latter case, all sub domains are also included (for example, docs.foo.com).[37][38] A notable exception to this general rule is Internet Explorer, which always sends cookies to sub domains regardless of whether the cookie was set with or without a domain.[39]

Below is an example of some Set-Cookie HTTP response headers that are sent from a website after a user logged in. The HTTP request was sent to a webpage within the docs.foo.com subdomain:

HTTP/1.0 200 OK

Set-Cookie: LSID=DQAAAK…Eaem_vYg; Path=/accounts; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly

Set-Cookie: HSID=AYQEVn…DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly

Set-Cookie: SSID=Ap4P…GTEq; Domain=foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly

The first cookie, LSID, has no Domain attribute, and has a Path attribute set to /accounts. This tells the browser to use the cookie only when requesting pages contained in docs.foo.com/accounts (the domain is derived from the request domain).

The other two cookies, HSID and SSID, would be used when the browser requests any subdomain in .foo.com on any path (for example www.foo.com/bar). The prepending dot is optional in recent standards, but can be added for compatibility with RFC 2109 based implementations.[40]

cookie domain and cookie path的更多相关文章

  1. selenium.Cookie 转 okhttp3.Cookie

    package org.rx.util; import lombok.SneakyThrows; import okhttp3.HttpUrl; import org.openqa.selenium. ...

  2. Js添加、读取、删除cookie,判断cookie是否有效,指定domain域下主路径path下设置cookie,设置expires过期时间

    有时我们需要用cookie保存用户名,记录登录状态,如何正确判断该机用户cookie是否存在呢?不能简单使用a!=”这样的写法. 正确方法是:判断是否存在名为username3的cookie,使用do ...

  3. cookie domain path 跨域

    1.domain表示的是cookie所在的域,默认为请求的地址,如网址为www.jb51.net/test/test.aspx,那么domain默认为www.jb51.net.而跨域访问,如域A为t1 ...

  4. Cookie默认不设置path时,哪些请求会携带cookie数据

    默认不设置path的时候,只会在请求和servlet同路径的情况下才会携带cookie中存储的数据,包含同级目录和下级目录 例如: 在http://localhost:8080/day01/test/ ...

  5. jQuery插件 -- Cookie插件jquery.cookie.js(转)

    Cookie是网站设计者放置在客户端的小文本文件.Cookie能为用户提供很多的使得,例如购物网站存储用户曾经浏览过的产品列表,或者门户网站记住用户喜欢选择浏览哪类新闻. 在用户允许的情况下,还可以存 ...

  6. HostOnly Cookie和HttpOnly Cookie

    怎么使用Cookie? 通常我们有两种方式给浏览器设置或获取Cookie,分别是HTTP Response Headers中的Set-Cookie Header和HTTP Request Header ...

  7. js读写Cookie问题(Cookie存储时长、Cookie存储域)汇总

    在采集网站用户行为数据/使用js对用户行为做交互时,经常会使用到Cookie,了解Js Cookie的读写,以及一些细节,非常重要.   什么是Cookie 所谓Cookie,只是一条极为短小的信息, ...

  8. JS设置cookie、读取cookie、删除cookie

    JS设置cookie.读取cookie.删除cookie       JS设置cookie,注意一定要path=/ ,根目录,不然其他目录可能查询不到..默认是本目录. document.cookie ...

  9. .NET,Cookie,写Cookie,取Cookie

    Cookie是一段文本信息,在客户端存储 Cookie 是 ASP.NET 的会话状态将请求与会话关联的方法之一.Cookie 也可以直接用于在请求之间保持数据,但数据随后将存储在客户端并随每个请求一 ...

随机推荐

  1. 洛谷——P2261 [CQOI2007]余数求和

    P2261 [CQOI2007]余数求和 关键在于化简公式,题目所求$\sum_{i=1}^{n}k\mod i$ 简化式子,也就是$\sum_{i=1}^{n}(k-\frac{k}{i}\time ...

  2. Luogu P4549 裴蜀定理 / Min

    思路 题目已经给出了正解.我们只需要将裴蜀定理推广到若干数的线性组合就可以做这道题了 要注意的是需要在输入的时候取一个绝对值.因为可能会有负数存在.我之前也写过裴蜀定理的证明,要看的话点这里 吐槽 第 ...

  3. (C/C++学习)15.C语言字符串和字符数组

    说明:在C语言中字符串和字符数组有很多相似之处,却又有着一些不同.本文将针对其区别与联系,进行分析总结. 一.字符串 1.在C语言中,字符串是由双引号括起来的任意字符序列,如:"china& ...

  4. 常量、变量;基本数据类型;input()、if、while、break、continue

    一.编译型语言和解释型语言区别:编译型:一次性将所有程序编译成二进制文件 缺点:开发效率低,不能跨平台 优点:运行速度快. 例如:C,C++等解释型:当程序执行时,一行一行的解释 优点:开发效率高,可 ...

  5. java mysql prepareStatement模糊查询like使用注意

    今天在使用mysql 的like语句是,发现prepareStatement的like语句和一般的=写法有一样. 当要使用prepareStatement的like查询时,按照一般写法,都会写成: S ...

  6. Python条件控制语句

    条件控制语句 if语句 if条件加表达式 if-else语句 if-elif-else语句 if 表达式1: 语句1 elif 表达式2: 语句2 elif 表达式3: 语句3 else: 语句e 逻 ...

  7. [bzoj4567][Scoi2016][背单词] (贪心+trie树)

    Description Lweb 面对如山的英语单词,陷入了深深的沉思,“我怎么样才能快点学完,然后去玩三国杀呢?”.这时候睿智 的凤老师从远处飘来,他送给了 Lweb 一本计划册和一大缸泡椒,他的计 ...

  8. POJ 3270 置换群问题

    题目大意是: 每头牛都有一个对应的值a[i],现在给定一个初始的牛的序列,希望通过两两交换,能够使这些牛按值升序排列,每次交换都会耗费一个 a[i]+a[j] 希望耗费最小,求出这个最小耗费 个人觉得 ...

  9. 清北学堂模拟赛d1t1 位运算1(bit)

    题目描述LYK拥有一个十进制的数N.它赋予了N一个新的意义:将N每一位都拆开来后再加起来就是N所拥有的价值.例如数字123拥有6的价值,数字999拥有27的价值.假设数字N的价值是K,LYK想找到一个 ...

  10. 常州模拟赛d7t2 数组

    题目背景 HJZ 有很多玩具.他最喜欢玩的玩具是一个可以变化的数组. 题目描述 HJZ 的数组初始时有 n 个元素.他可以把一个位置上的数加上或减去一个固定的 数 x. 一天 LJZ 和 HZY 来 ...