firefox lead dot in cookie issue_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-24 20:55 出处：网络

We are having an annoying issue with Firefox and cookies.We have the following domains: sub1.mydomain.com

相关专题：asp.net

We are having an annoying issue with Firefox and cookies. We have the following domains:

sub1.mydomain.com sub2.mydomain.com sub3.mydomain.com otherdomain.com

We have converting our framework to be multilingual and providing a drop down to change the language at any point during site.

The code base is shared across all the domains above.

We can not set a cookie across all "mydomain.com" sites, they have to be on each of the sub domains. To get this to work we set a JavaScript cookie when the users chooses a new language. When the page posts back to the server the code picks this up and sets the users preferences to that new language code, (this is all C# and ASP.NET).

We have to set the host to be "subX.mydomain.com" and the path to be "/" in the cookie so that it is just for the subdomain and all parts of that domain.

This works great on all browsers apart from FireFox. It seems that firefox will pre append a DOT to the beginning of domain so ".subX.mydomain.com".

When the code posts back with FireFox the cookie is always null.

Has anyone had this situation, (I imagine it is not al that uncommon). I have read a lot of people saying, remove the domain from the cookie, but that can not work for us as we have multiple subdomains that need their own cookie values.

EDIT

var d = new Date();
d.setYear(d.getYear() + <%# CookieLangYearExpireOffset %>);
document.cookie = '<%# CookieLangKey %>=' + langCode + '; expires=' + d.toUTCString() + '; domain=' + window.location.hostname + '; path=/';    
var currentUrl = location.href;
var questionMarkIndex = currentUrl.lastIndexOf('?');
if (questionMarkIndex > 0) {
    currentUrl = currentUrl + '&rand=' + Math.floor(Math.random() * 1001);
}
else {
   currentUrl = currentUrl + '?rand=' + Math.floor(Math.random() * 1001);
}
window.location.href = currentUrl;

The server side code parts are just so that the server side and client side use the same expire value and name vaule.

Thanks

By default, Domain is set to the request host, which has no leading dot. However, according to RFC2109:

The Domain attribute specifies the domain for which the cookie is valid. An explicitly specified domain must always start with a dot.

What if you don't specify the domain? Will it not pick up the subdomain?

EDIT: I just tested setting a cookie without specifying the domain and it picked up the subdomain of the page that I was setting the cookie from. It looks like if you don't specify the domain then it should work.

EDIT 2: Since a dot at the beginning of the domain should not make the cookie null on the server, double-check that your code is working in Firefox. A common problem is placing your JavaScript in a <script type="jscript"> tag, as opposed to <script type="text/javascript">.