Study notes: cookie RFC2965

RFC2965 says:
A user agent rejects (SHALL NOT store its information) if the Version
attribute is missing. Moreover, a user agent rejects (SHALL NOT
store its information) if any of the following is true of the
attributes explicitly present in the Set-Cookie2 response header:

* The value for the Path attribute is not a prefix of the
request-URI.

* The value for the Domain attribute contains no embedded dots,
and the value is not .local.

* The effective host name that derives from the request-host does
not domain-match the Domain attribute.

* The request-host is a HDN (not IP address) and has the form HD,
where D is the value of the Domain attribute, and H is a string
that contains one or more dots.

* The Port attribute has a "port-list", and the request-port was
not in the list.

Based on the four rules above, here are a few examples for each:

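1. The requested URL is http://hitdujuan.iteye.com/blog/bb/aa.htm, so the request-URI is /blog/bb/aa.htm. If the Path set in Set-Cookie is anything other than /blog or /blog/bb, the cookie is rejected.

2. The requested URL is http://hitdujuan and the Domain is set to hitdujuan: the Set-Cookie is rejected. Or the requested URL is http://iteye.com and the Domain is set to .com: rejected. If the requested URL is http://hitdujuan.local and the Domain is set to .local, it is accepted.

3. The requested URL is http://hitdujuan.iteye.com/blog and the Domain is set to abc.com: rejected.

4. The requested URL is http://blog.hitdujuan.iteye.com and the Domain is set to iteye.com: rejected.

5. The requested URL is http://hitdujuan.iteye.com:9999 and the Set-Cookie carries Port:80: rejected.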
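
The rejection rules quoted above, run against the examples in this list, as an added Python example (not part of the original note and not taken from any cookie library). The function name rejection_reason, the default port 80, the request-URI "/" and the Path value "/other" are assumptions made for the example; the leading dot added to Domain follows RFC 2965 section 3.2.2.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def rejection_reason(host, port, request_uri, version="1",
                     path=None, domain=None, port_list=None):
    """Return why the user agent rejects the cookie, or None if it is stored."""
    host = host.lower()
    if version is None:
        return "Version attribute is missing"
    if path is not None and not request_uri.startswith(path):
        return "Path is not a prefix of the request-URI"
    if domain is not None and _is_ip(host):
        # An IP-address request-host only domain-matches an identical string.
        if host != domain.lower():
            return "effective host name does not domain-match Domain"
    elif domain is not None:
        # RFC 2965 3.2.2: the user agent supplies a missing leading dot.
        d = domain.lower() if domain.startswith(".") else "." + domain.lower()
        if "." not in d.strip(".") and d != ".local":
            return "Domain has no embedded dots and is not .local"
        # Effective host name: a dotless request-host gets ".local" appended.
        effective = host if "." in host else host + ".local"
        if not effective.endswith(d):
            return "effective host name does not domain-match Domain"
        # request-host has the form HD: H must not contain a dot.
        if host.endswith(d) and "." in host[:-len(d)]:
            return "request-host is HD and H contains dots"
    if port_list is not None and port not in port_list:
        return "request-port is not in the Port port-list"
    return None

# The note's examples; port 80, request-URI "/" and Path "/other" are constructed.
EXAMPLES = [
    ("hitdujuan.iteye.com", 80, "/blog/bb/aa.htm", {"path": "/other"}),
    ("hitdujuan.iteye.com", 80, "/blog/bb/aa.htm", {"path": "/blog/bb"}),
    ("hitdujuan", 80, "/", {"domain": "hitdujuan"}),
    ("iteye.com", 80, "/", {"domain": ".com"}),
    ("hitdujuan.local", 80, "/", {"domain": ".local"}),
    ("hitdujuan.iteye.com", 80, "/blog", {"domain": "abc.com"}),
    ("blog.hitdujuan.iteye.com", 80, "/", {"domain": "iteye.com"}),
    ("hitdujuan.iteye.com", 9999, "/", {"port_list": [80]}),
]
for h, p, u, attrs in EXAMPLES:
    print(h, attrs, "->", rejection_reason(h, p, u, **attrs) or "accepted")
```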

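About request-uri and request-url:

See: http://blog.csdn.net/benjieming_wang/article/details/5816652

Apart from URL-encoding differences between the URI and the path components, the equation requestURI = contextPath + servletPath + pathInfo holds. This is the convention that applies in servlets: for example, the requestURI here does not include the query string parameters, whereas in the actual IETF documents a URL may carry query parameters. HttpServletRequest provides the following APIs to obtain the requestURI and requestURL:
getRequestURI(): returns the part of the request URL between the host name and the query string (the servlet specification puts it as: returns the part of the request URL, in the first line of the HTTP request, from the protocol name up to the query string). For example: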


First line of HTTP request              Returned Value

POST /some/path.html HTTP/1.1           /some/path.html
GET http://foo.bar/a.html HTTP/1.0      /a.html
HEAD /xyz?a=b HTTP/1.1                  /xyz


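getRequestURL(): reconstructs the URL the client used to make the request. The returned URL includes the protocol, the server name, the port number and the server path, but not the query string parameters.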