发表新帖
发表新帖

Set-Cookie: Expire property, clock skew and Internet Explorer issue

前端 未结
关注
4 1530
北恋
北恋 2020-12-05 21:42

There is a header Max-Age that allows to specify the expiration time of a cookie. Unfortunately Internet Explorer 6, 7, 8 and probably later do not support Max-Age and requi

相关标签:
4条回答
  • 有刺的猬
    2020-12-05 22:01
    • Set Max-Age as everyone but Microsoft understands it.
    • Add Javascript that runs only on IE to convert Max-Age to UTC according to the browser's clock and set that expiration time on the cookie. Note that JavaScript cannot read the Max-Age set in the cookie, so you will have to provide that information (along with any other options) to the JavaScript some other way.

    From QuirksMode 

    function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
    var c = ca[i];
    while (c.charAt(0)==' ') c = c.substring(1,c.length);
    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}

    Then after you get the cookie name and maxAge and otherOptions (e.g. path, domain) from somewhere:

    var date = new Date();
date.setTime(date.getTime() + (maxAge * 1000));
document.cookie = name + "=" + readCookie(name) + 
    '; expires=' + date.toUTCString() + otherOptions
    0 讨论(0)
  • 再見小時候
    2020-12-05 22:03

    If I had this sort of requirement I would manage the cookies in my application. Include a server-time expires timestamp in the content of the cookie, secure the cookie with encryption or a hash, and reject the cookie if the timestamp in the cookie has passed.

    This is pretty much how auto-login cookie expiration is enforced.

    0 讨论(0)
  • 广开言路
    2020-12-05 22:09

    What i did was to shift the time keeping to server side.You can never be sure of the time in client side, but you know your server never lies.

    • You keep the time that the first request happened on the server(keep server time when you send data per client), and you set a cookie with a max date expiration i.e. :01/01/2900.
    • You keep track of that time and in lets say 10 minutes server time you decide its time to kill it.
    • You then set the cookie to have the min date then. i.e. 01/01/1900. Deleting cookies :
      http://msdn.microsoft.com/en-us/library/ms178195(v=vs.100).aspx
    0 讨论(0)
  • 离开以前
    2020-12-05 22:16

    Just FYI, IE 11 supports Max-Age on cookies starting with version 11.0.15063.0.

    I cannot find any documentation from Microsoft to report this, but during development we discovered our local version of IE was working, but customers was not. We narrowed it down to a difference in IE version and the Max-Age property on cookies.

    0 讨论(0)
 看不清?
提交回复
热议问题