Are multiple Cookie headers allowed in an HTTP request?

前端未结

关注

 2  1944

逝去的感伤 2020-12-07 14:35

Usually, a browser groups cookies into a single Cookie header, such as:

Cookie: a=1; b=2

Does the standard allow to send these

2条回答

失恋的感觉 (楼主)

2020-12-07 14:51

it's now allowed in HTTP/2 (RFC 7540), which specifies:

    8.1.2.5.  Compressing the Cookie Header Field

   The Cookie header field [COOKIE] uses a semi-colon (";") to delimit
   cookie-pairs (or "crumbs").  This header field doesn't follow the
   list construction rules in HTTP (see [RFC7230], Section 3.2.2), which
   prevents cookie-pairs from being separated into different name-value
   pairs.  This can significantly reduce compression efficiency as
   individual cookie-pairs are updated.

   To allow for better compression efficiency, the Cookie header field
   MAY be split into separate header fields, each with one or more
   cookie-pairs.  If there are multiple Cookie header fields after
   decompression, these MUST be concatenated into a single octet string
   using the two-octet delimiter of 0x3B, 0x20 (the ASCII string "; ")
   before being passed into a non-HTTP/2 context, such as an HTTP/1.1
   connection, or a generic HTTP server application.

   Therefore, the following two lists of Cookie header fields are
   semantically equivalent.

     cookie: a=b; c=d; e=f

     cookie: a=b
     cookie: c=d
     cookie: e=f

0 讨论(0)

查看其它2个回答