1. 技术文章
  2. Cookie path and its accessibility to subfolder pages

Cookie path and its accessibility to subfolder pages

霸气de小男生 提交于 2019-11-26 18:43:06
Alex Barrett

If we set the cookie to path '/subfolder1', will the cookie will be made available to any page or subfolder beneath the folder?

Yes. The cookie will be available to all pages and subdirectories within the /subfolder1 path.

thefunfreak

if we set the cookie to path /subfolder1, the following pages in the example are accessible:

www.example.com/subfolder1/page1.html
www.example.com/subfolder1/moresubfolder1/page1.html
etc.

However, the page www.example.com/page1.html will not be accessible as it does not belong to the allowed path.

Michael

To remove some ambiguity by reusing a portion of this answer:

A request-path path-matches a given cookie-path if at least one of the following conditions holds:

  • The cookie-path and the request-path are identical.
  • The cookie-path is a prefix of the request-path, and the last character of the cookie-path is %x2F ("/").
  • The cookie-path is a prefix of the request-path, and the first character of the request-path that is not included in the cookie-
    path is a %x2F ("/") character.

There is a slight (but potentially important) difference between setting a cookie on the /subfolder1 path and the /subfolder1/ path.

If you rely on the former your request path needs to start with a "%x2F ("/") character" (a forward slash) to guarantee the desired behaviour. For an example, take a look at the linked answer.

Setting the cookie path to simply / avoids any edge cases, but as you say - the cookie would be accessible the entire domain.

标签
cookies
httpcookie
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!