`
flowercat
  • 浏览: 358171 次
社区版块
存档分类
最新评论

play!存在的Cookie设置的bug

    博客分类:
  • java
IEMinaChromeGmailSafari
阅读更多

目前playframework使用的Mina在设置Cookie Cache时 只设置了Max-age,未设置Expires,这导致Cookie的存活期在所有的IE浏览器里失效,无法实现remember me!

Max-age与Expires区别见下文:

 

http://mrcoles.com/blog/cookies-max-age-vs-expires/

HTTP Cookies: What's the difference between Max-age and Expires?

Quick Answer:

  • Expires sets an expiry date for when a cookie gets deleted
  • Max-age sets the time in seconds for when a cookie will be deleted
  • Internet Explorer (ie6, ie7, and ie8) does not support “max-age” , while (mostly) all browsers support expires

Max-age vs Expires, let’s dive in a little deeper:

The expires parameter was part of the original cookies baked up by Netscape. In HTTP version 1.1, expires was deprecated and replaced with the easier-to-use max-age —instead of having to specify a date, you can just say how long the cookie can live. By setting either of these, the cookie will persist until its time runs out, otherwise—if you set neither—the cookie will last until you close your browser.

Setting a cookie for “foo=bar” to last 5 minutes, using expires :

var d = new Date();
d.setTime(d.getTime() + 5*60*1000); // in milliseconds
document.cookie = 'foo=bar;path=/;expires='+d.toGMTString()+';';

And the same with max-age :

document.cookie = 'foo=bar;path=/;max-age='+5*60+';';

Unfortunately, none of the current versions of Internet Explorer support max-age , so if you want proper cookie persistence cross-browser, then stick to expires .

Let’s open this up to some fake Q&A…

Q. What if I set both expires and max-age in a cookie?
A. Every browser that supports max-age will ignore the expires regardless of it’s value, and likewise, Internet Explorer will ignore the max-age and just use expires .

Q. What if I set just max-age in a cookie?
A. Every browser—except Internet Explorer—uses it properly. In Internet Explorer it will be a session cookie (it will be deleted when you close your browser).

Q. What if I set just expires in a cookie?
A. Every browser uses and persists it properly, just remember to set it in GMT time as seen in the example above.

Q. Where did you get these facts from?
A. I wrote a cookie persistence test page and tested it out on IE6, IE7, IE8, FF2, FF3, Safari 4, Google Chrome, and Opera 9.6. Let me know if you try it out on any other browsers or see anything contradictory.

Q. What’s the moral of this story?
A. If you care about your cookies functioning properly for a huge percentage of web users (65.66%) , don’t persist your cookies “the right way” according to spec (max-age ), persist them the way that works (expires ).

分享到:
| (转)Groovy的5种特殊运算符(可直接用于 ...
评论
2 楼 Arden 2010-10-16   
    /**
     * 设置cookie
     * 
     * @param response
     * @param name
     * @param value
     * @param domain (.paojiao.cn)
     * @param path(/ 或者 null)
     * @param maxAge
     */
    public static void setCookie(Http.Response response, String name, String value, String domain, String path, Integer maxAge) {
        //response.setCookie(name, value, domain, path, maxAge);
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, maxAge);
        Date date = calendar.getTime();
        String expires = (new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss z", Locale.US)).format(date);
        expires = expires.replaceAll("CST", "GMT");
        if (StringUtils.isEmpty(path)) {
            path = "";
        }
        String cookie = name + "=" + value + "; domain=" + domain + "; path=" + path + "; expires=" + expires;
        System.out.println("cookie:" + cookie);
        response.setHeader("Set-Cookie", cookie);
        //response.setHeader("Set-Cookie", "email=arden.emily@gmail.com; domain=.tujiao.com; path=/; expires=Tue, 11-Oct-2011 05:48:06 GMT");
    }


我写了个手动设置Cookie的方法,解决IE不能设置cookie的Bug.
1 楼 Arden 2010-10-16  
    /**
     * 设置cookie
     *
     * @param response
     * @param name
     * @param value
     * @param domain (.paojiao.cn)
     * @param path(/ 或者 null)
     * @param maxAge
     */
    public static void setCookie(Http.Response response, String name, String value, String domain, String path, Integer maxAge) {
        //response.setCookie(name, value, domain, path, maxAge);
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, maxAge);
        Date date = calendar.getTime();
        String expires = (new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss z", Locale.US)).format(date);
        expires = expires.replaceAll("CST", "GMT");
        if (StringUtils.isEmpty(path)) {
            path = "";
        }
        String cookie = name + "=" + value + "; domain=" + domain + "; path=" + path + "; expires=" + expires;
        System.out.println("cookie:" + cookie);
        response.setHeader("Set-Cookie", cookie);
        //response.setHeader("Set-Cookie", "email=arden.emily@gmail.com; domain=.tujiao.com; path=/; expires=Tue, 11-Oct-2011 05:48:06 GMT");
    }

我写了个手动设置Cookie的方法,解决IE不能设置cookie的Bug.
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics