HTTP 请求中是否允许多个 Cookie 头?

通常,浏览器会将 cookie 分组到单个 Cookie头中,例如:

Cookie: a=1; b=2

标准是否允许将它们作为单独的标题发送,例如:

Cookie: a=1
Cookie: b=2

还是他们总是在同一条线上?

66118 次浏览
小开
最佳答案

Chanced upon this page while looking for details on the topic. A quote from HTTP State Management Mechanism, RFC 6265 ought to make things clearer:

5.4饼干头

当用户代理生成 HTTP 请求时,用户代理必须 不要附加多个 Cookie 头字段。

它看起来像使用多个 Cookie,事实上,禁止!

小开

它现在在 HTTP/2(RFC 7540)中被允许,它指定:

    8.1.2.5.  Compressing the Cookie Header Field


The Cookie header field [COOKIE] uses a semi-colon (";") to delimit
cookie-pairs (or "crumbs").  This header field doesn't follow the
list construction rules in HTTP (see [RFC7230], Section 3.2.2), which
prevents cookie-pairs from being separated into different name-value
pairs.  This can significantly reduce compression efficiency as
individual cookie-pairs are updated.


To allow for better compression efficiency, the Cookie header field
MAY be split into separate header fields, each with one or more
cookie-pairs.  If there are multiple Cookie header fields after
decompression, these MUST be concatenated into a single octet string
using the two-octet delimiter of 0x3B, 0x20 (the ASCII string "; ")
before being passed into a non-HTTP/2 context, such as an HTTP/1.1
connection, or a generic HTTP server application.


Therefore, the following two lists of Cookie header fields are
semantically equivalent.


cookie: a=b; c=d; e=f


cookie: a=b
cookie: c=d
cookie: e=f

提交答案