HTTP请求中是否允许多个Cookie标头?

时间:2013-04-30 17:38:09

标签: http cookies

通常,浏览器会将Cookie分组到一个Cookie标头中,例如:

Cookie: a=1; b=2

标准是否允许将这些标题作为单独的标题发送,例如:

Cookie: a=1
Cookie: b=2

或者他们总是必须在同一条线上?

2 个答案:

答案 0 :(得分:113)

在寻找有关该主题的详细信息时,可以访问此页面。来自HTTP State Management MechanismRFC 6265的引用应该让事情变得更清楚:

<强> 5.4。 Cookie标头

  

当用户代理生成HTTP请求时,用户代理必须          不要附加多个Cookie标头字段。

事实上,禁止使用多个Cookie标题

答案 1 :(得分:13)

现在允许在HTTP / 2(RFC 7540)中指定:

    8.1.2.5.  Compressing the Cookie Header Field

   The Cookie header field [COOKIE] uses a semi-colon (";") to delimit
   cookie-pairs (or "crumbs").  This header field doesn't follow the
   list construction rules in HTTP (see [RFC7230], Section 3.2.2), which
   prevents cookie-pairs from being separated into different name-value
   pairs.  This can significantly reduce compression efficiency as
   individual cookie-pairs are updated.

   To allow for better compression efficiency, the Cookie header field
   MAY be split into separate header fields, each with one or more
   cookie-pairs.  If there are multiple Cookie header fields after
   decompression, these MUST be concatenated into a single octet string
   using the two-octet delimiter of 0x3B, 0x20 (the ASCII string "; ")
   before being passed into a non-HTTP/2 context, such as an HTTP/1.1
   connection, or a generic HTTP server application.

   Therefore, the following two lists of Cookie header fields are
   semantically equivalent.

     cookie: a=b; c=d; e=f

     cookie: a=b
     cookie: c=d
     cookie: e=f