cookie intro
how cookies come about
- when you first visit xxx.com, the website produces a cookie and sends it to you in the http response header; you can find it in the Set-Cookie field.
why cookies
- they let a website recognize the client
- based on the cookie, the website knows who you are and can show you a different page or advertisement, or remember your login status …
cookie attributes
- HttpOnly
  - this attribute directs browsers not to expose the cookie through channels other than http(s), so if HttpOnly is set, alert(document.cookie) should output null.
- secure
  - It's also a flag; it means browsers transfer the cookie through secure methods even if it's not an https request. more detail here
- domain
  - the domain value controls cookie sharing: if a.xxx.com and b.xxx.com need to share the cookie, domain='.xxx.com' is ok. more detail 1
- path
  - path is easy to understand: the path in which the cookie is effective
- expires
  - the time at which the cookie will be deleted
- max-age
  - the number of seconds after which the cookie is deleted; for the differences between max-age and expires, see difference
- name=value
  - easy to understand: the value you want to save in the cookie, for example BAIDUID=****
ps: the cookie is produced by the server
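
As an added example (not code from the original page), the JavaScript below parses a Set-Cookie header value into the attributes listed above, resolves max-age against expires, checks which hosts a domain value covers, and reports which of HttpOnly and secure are missing. The function names, the sid cookie and the header string are assumptions constructed for illustration.

```javascript
// Added example. Parses one Set-Cookie header value into the attributes above.
function parseSetCookie(header, now = Date.now()) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts.length ? parts[0].indexOf('=') : -1;
  if (eq < 1) throw new Error('first segment must be name=value');
  const cookie = {
    name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1),
    httpOnly: false, secure: false, domain: null, path: null, expiresAt: null,
  };
  let maxAgeSeen = false;
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : part.slice(i + 1).trim();
    if (key === 'httponly') cookie.httpOnly = true; // flag, carries no value
    else if (key === 'secure') cookie.secure = true; // flag, carries no value
    // A leading dot in the domain value is ignored when matching hosts.
    else if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = val;
    else if (key === 'max-age' && /^-?\d+$/.test(val)) {
      cookie.expiresAt = now + Number(val) * 1000; // seconds from now
      maxAgeSeen = true;
    } else if (key === 'expires' && !maxAgeSeen) { // max-age wins when both are set
      const t = Date.parse(val);
      if (!Number.isNaN(t)) cookie.expiresAt = t;
    }
  }
  return cookie;
}

// True when `host` is covered by the cookie's domain attribute.
function domainMatches(cookie, host) {
  if (!cookie.domain) return false; // no domain attribute: host-only, not shared
  const h = host.toLowerCase();
  return h === cookie.domain || h.endsWith('.' + cookie.domain);
}

// Names of the protective flags the header did not set.
function missingFlags(cookie) {
  return [['HttpOnly', cookie.httpOnly], ['Secure', cookie.secure]]
    .filter(([, set]) => !set).map(([name]) => name);
}

// Constructed sample header and clock, so the result is reproducible.
const NOW = Date.UTC(2024, 0, 1);
const sample = 'sid=abc123; Domain=.xxx.com; Path=/; ' +
  'Expires=Wed, 01 Jan 2025 00:00:00 GMT; Max-Age=3600; HttpOnly';
const parsed = parseSetCookie(sample, NOW);
console.log(parsed, missingFlags(parsed), domainMatches(parsed, 'a.xxx.com'));
```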