
Subdomain cookie sent in request Cookie header, but not present in IE JavaScript's document.cookie

I'm having a strange problem with cookies which are being sent and received properly but are inaccessible to JavaScript on Internet Explorer. Chrome, Firefox, Opera, and Safari JavaScript is fine.

  1. Post to "http://wp.abc.example.com/content/sv2.cgi?id=1234", response sets cookies, issues 302 redirect:

    HTTP/1.0 302 Moved Temporarily
    Location: http://members.abc.example.com/abc/members/0912/07/news01.html
    Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
    Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
    
  2. Browser requests target page, including the cookies just sent.

    GET /abc/members/0912/07/news01.html HTTP/1.1
    Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; LEADENDDATE=20091218;
    Host: members.abc.example.com
    
  3. Run "javascript:alert(document.cookie);" in the browser address bar.

  4. On IE, and IE only, the cookies aren't there. Other browsers are fine. This is true for IE6, 7, and 8.

So in summary,

The "wp.abc.example.com" sets a cookie on "abc.example.com", which is sent to the server in requests on "members.abc.example.com", but not visible to JavaScript on that page.

Why?

I thought maybe instead of "abc.example.com" the cookie should be set on ".abc.example.com" to allow subdomain matching, but even so it's being sent in the "members.abc.example.com" request header.

Basically it's acting as though "HttpOnly" is set on the cookie, even though from the Set-Cookie header example shown above, that flag is not included. Does the extra ";" maybe have some effect?


Eric Law wrote up a good article on IE's various cookie-handling quirks a while back. One of the questions he answers appears as though it may apply to your scenario:

Q8: Are there any limits to the HTML DOM document.cookie property?

A: [...]

Also, due to an obscure bug in the underlying WinINET InternetGetCookie implementation, IE’s document.cookie will not return a cookie if it was set with a path attribute containing a filename.
[...]

Note that your paths do include filenames:

    Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
    Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;

I suggest you try setting the cookies with filename-free paths, and see if that doesn't help...
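
An added example, not part of the original question or answer: a small Node.js check that parses Set-Cookie values like the two above and flags a path attribute ending in a filename, the condition the quoted article ties to IE's document.cookie omitting the cookie. The dot-extension heuristic, the finding names, the suggested directory path and the third sample header are assumptions of this example.

```javascript
// Added example. Assumption: a path "contains a filename" when its last
// segment ends in a dot-extension (e.g. news01.html).
const SAMPLE_HEADERS = [
  // The two Set-Cookie values shown in the question.
  "AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;",
  "LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;",
  // Constructed for contrast: directory path plus a real HttpOnly flag.
  "SID=constructed-value; path=/abc/members/; HttpOnly",
];

function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    path: null,
    domain: null,
    httpOnly: false,
    findings: [],
    suggestedPath: null,
  };
  let emptySegments = 0;
  for (const attr of attrs) {
    if (attr === "") { emptySegments++; continue; }
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "path") cookie.path = val;
    else if (key === "domain") cookie.domain = val;
    else if (key === "httponly") cookie.httpOnly = true;
  }
  // Filename in path: the condition the quoted article ties to IE's
  // document.cookie omitting the cookie. Suggest the enclosing directory.
  const last = cookie.path ? cookie.path.split("/").pop() : "";
  if (/\.[A-Za-z0-9]+$/.test(last)) {
    cookie.findings.push("path-has-filename");
    cookie.suggestedPath = cookie.path.slice(0, -last.length);
  }
  // "; ;" leaves two empty segments; a single trailing ";" leaves one.
  if (emptySegments > 1) cookie.findings.push("empty-attribute-segments");
  // A real HttpOnly flag hides the cookie from script in every browser.
  if (cookie.httpOnly) cookie.findings.push("httponly-set");
  return cookie;
}

for (const h of SAMPLE_HEADERS) {
  const c = auditSetCookie(h);
  console.log(c.name, c.findings, c.suggestedPath);
}
```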
