When you setcookie('id','111'...), does the browser store that cookie with additional information, like where it came from? What would that look like? I assume a website cannot access cookies set by facebook or twitter on somebody's computer.
Generally, this information is saved:
- Name
- Content
- Domain (default is the domain you are setting it from)
- Path (default is the path you are setting it from)
- Send for (i.e. encrypted connections only)
- Expiration date
Cookies are generally identified by a combination of name, domain and path. This means that a website can only access cookies that have been set on the same domain and path (which is good, as this prevents the sites you mentioned from reading cookies that have been set on other websites you have visited).
More information regarding the actual specification of how cookies work: RFC2965.
You can find out the cookies a domain is storing using a simple method: just paste the following code into your address bar while on the site you are inquiring about. But it's true that a whole lot of other metadata is stored with the raw cookie values; the browser obviously has to be careful that only a single domain can access its own cookies, and needs to keep track of when they need to expire, etc.
javascript:document.write(document.cookie);
And you are correct, the browsers try very hard to make sure cookies are only accessible to the domains that set them. There have been many crafty exploits using JavaScript and iframes in the past and XSS vulnerabilities are a huge problem still today.
Cookies can be accessed only by the setting domain (or a sub-domain of that domain).
The browser stores:
- cookie name
- value
- date/time set
- date/time of expiry
- domain
A website could access, say, facebook cookies by using a javascript hosted on the facebook domain.
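The record and scoping rules the answers above describe, as an added example that is not part of the original answers. It follows the domain-match and path-match rules of RFC 6265; the function names and the example.com hosts are constructed for illustration, and IP-address hosts and public-suffix checks are left out.

```javascript
// Constructed sketch: the record a browser keeps per cookie, and when it is sent.
function storeCookie(setCookieHeader, requestUrl, now = Date.now()) {
  const url = new URL(requestUrl);
  const [pair, ...attrs] = setCookieHeader.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  // Defaults: host-only, "directory" of the setting path, session lifetime.
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    domain: url.hostname, hostOnly: true,
    path: url.pathname.lastIndexOf('/') > 0
      ? url.pathname.slice(0, url.pathname.lastIndexOf('/')) : '/',
    secure: false, httpOnly: false, expires: null, created: now,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1);
    if (key === 'domain' && val) {
      const d = val.replace(/^\./, '').toLowerCase();
      // A site may widen scope to a parent domain, never to an unrelated one.
      if (!domainMatches(url.hostname, d)) return null;
      cookie.domain = d; cookie.hostOnly = false;
    } else if (key === 'path' && val.startsWith('/')) cookie.path = val;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'expires') cookie.expires = Date.parse(val);
  }
  return cookie;
}

function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith('.' + cookieDomain);
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  return reqPath.startsWith(cookiePath) &&
    (cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/');
}

// Would the browser attach this stored cookie to a request for `requestUrl`?
function isSentTo(cookie, requestUrl, now = Date.now()) {
  const url = new URL(requestUrl);
  if (cookie.expires !== null && cookie.expires <= now) return false;
  if (cookie.secure && url.protocol !== 'https:') return false;
  const hostOk = cookie.hostOnly ? url.hostname === cookie.domain
                                 : domainMatches(url.hostname, cookie.domain);
  return hostOk && pathMatches(url.pathname, cookie.path);
}
```

A cookie set without a Domain attribute stays host-only, which is why the first case in the answers (same domain and path) is narrower than the "sub-domain" case: only an explicit Domain attribute widens the scope.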