Does using a cookie without an equals sign (=) violate the HTTP standard?
For example, is this HTTP response standards-compliant?
HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: cookie_data_without_equals_sign; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly
What about multiple equals signs?
HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: key=val=ue=; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly
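Answer 0 (score: 2)
A cookie must specify a name and a value separated by =. This is dictated by all of the cookie RFCs to date (2109, 2965 and 6265) as well as by the original Netscape cookie spec.
Here is the relevant ABNF from the current specification, RFC 6265: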
set-cookie-header = "Set-Cookie:" SP set-cookie-string
set-cookie-string = cookie-pair *( ";" SP cookie-av )
cookie-pair = cookie-name "=" cookie-value
cookie-name = token
cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
; US-ASCII characters excluding CTLs,
; whitespace DQUOTE, comma, semicolon,
; and backslash
token = <token, defined in [RFC2616], Section 2.2>
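Added example, not part of the original answers: a check of the leading cookie-pair of a Set-Cookie value against the RFC 6265 ABNF quoted above, run on the two headers from the question. The function names and the sample response are constructed for illustration, and only this server-side grammar is checked, not how a particular browser parses the header.

```python
import re

# token (RFC 2616 section 2.2): any CHAR except CTLs and separators
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# cookie-octet (RFC 6265): %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# "=" (%x3D) falls inside %x3C-5B, so it is legal inside a cookie-value
OCTET = r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]"
# cookie-pair = cookie-name "=" cookie-value (value optionally in DQUOTEs)
COOKIE_PAIR = re.compile(rf'({TOKEN})=({OCTET}*|"{OCTET}*")')


def check_cookie_pair(set_cookie_value):
    """Return (name, value) when the leading cookie-pair matches the ABNF, else None."""
    pair = set_cookie_value.split(";", 1)[0]
    m = COOKIE_PAIR.fullmatch(pair)
    return (m.group(1), m.group(2)) if m else None


def audit_response(raw):
    """Map each Set-Cookie header value in a raw response to its check result."""
    results = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            results[value.strip()] = check_cookie_pair(value.strip())
    return results


# Constructed sample built from the two headers in the question.
ATTRS = "; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT; HttpOnly"
SAMPLE = (
    "HTTP/1.0 200 OK\n"
    "Content-type: text/html\n"
    "Set-Cookie: cookie_data_without_equals_sign" + ATTRS + "\n"
    "Set-Cookie: key=val=ue=" + ATTRS + "\n"
)

if __name__ == "__main__":
    for header, result in audit_response(SAMPLE).items():
        print("OK  " if result else "BAD ", header.split(";")[0], "->", result)
```

The first header fails because cookie-pair requires a literal "="; the second passes with name `key` and value `val=ue=`, because the name is a token (which cannot contain "=") while cookie-octet permits it.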
Answer 1 (score: 1)
Here is the BNF per RFC 2965:
set-cookie = "Set-Cookie2:" cookies
cookies = 1#cookie
cookie = NAME "=" VALUE *(";" set-cookie-av)
NAME = attr
VALUE = value
set-cookie-av = "Comment" "=" value
| "CommentURL" "=" <"> http_URL <">
| "Discard"
| "Domain" "=" value
| "Max-Age" "=" value
| "Path" "=" value
| "Port" [ "=" <"> portlist <"> ]
| "Secure"
| "Version" "=" 1*DIGIT
portlist = 1#portnum
portnum = 1*DIGIT