HTTP请求中是否允许多个Cookie头?
通常,浏览器将Cookie分组到单个HTTP请求中是否允许多个Cookie头?,http,cookies,Http,Cookies,通常,浏览器将Cookie分组到单个Cookie头中,例如: Cookie: a=1; b=2 Cookie: a=1 Cookie: b=2 标准是否允许将这些作为单独的标题发送,例如: Cookie: a=1; b=2 Cookie: a=1 Cookie: b=2 或者他们必须总是在同一条线上吗?在查找该主题的详细信息时,偶然发现了此页。引用HTTP状态管理机制,应该可以让事情更清楚: 5.4。Cookie标题 当用户代理生成HTTP请求时,用户代理必须 不能附加多个Cookie头
CookieCookie: a=1; b=2
Cookie: a=1
Cookie: b=2
Cookie: a=1; b=2
Cookie: a=1
Cookie: b=2
或者他们必须总是在同一条线上吗?在查找该主题的详细信息时,偶然发现了此页。引用HTTP状态管理机制,应该可以让事情更清楚: 5.4。Cookie标题 当用户代理生成HTTP请求时,用户代理必须 不能附加多个Cookie头字段
看起来实际上禁止使用多个
Cookie 8.1.2.5. Compressing the Cookie Header Field
The Cookie header field [COOKIE] uses a semi-colon (";") to delimit
cookie-pairs (or "crumbs"). This header field doesn't follow the
list construction rules in HTTP (see [RFC7230], Section 3.2.2), which
prevents cookie-pairs from being separated into different name-value
pairs. This can significantly reduce compression efficiency as
individual cookie-pairs are updated.
To allow for better compression efficiency, the Cookie header field
MAY be split into separate header fields, each with one or more
cookie-pairs. If there are multiple Cookie header fields after
decompression, these MUST be concatenated into a single octet string
using the two-octet delimiter of 0x3B, 0x20 (the ASCII string "; ")
before being passed into a non-HTTP/2 context, such as an HTTP/1.1
connection, or a generic HTTP server application.
Therefore, the following two lists of Cookie header fields are
semantically equivalent.
cookie: a=b; c=d; e=f
cookie: a=b
cookie: c=d
cookie: e=f
这些疯狂的新式RFC:)请注意,服务器可以使用多个
Set Cookie设置Cookie:a=b;c=d比设置Cookie更正确:a=b;设置Cookie:c=d如果值由单个服务器设置。规范说服务器不应该将多个集合Cookie头字段折叠成一个字段,但是它可以将多个集合Cookie头字段添加到一个响应中。这在现实世界中意味着,当代理服务器传递响应时,如果该代理设置Cookie,则它应该使用单独的Set Cookie头。