 

Difference between set-cookie2 and set-cookie


Is there any advantage to using Set-Cookie2 over Set-Cookie? And is there any difference in how they affect the functionality on the server and client side?

Balachander Ganesan asked Feb 27 '12 08:02




2 Answers

Set-Cookie2 isn't widely implemented and is now deprecated.

See RFC 6265.

Julian Reschke answered Sep 28 '22 18:09


First of all, Set-Cookie2 is deprecated as of RFC6265 and should not be used. But as for the differences between Set-Cookie and Set-Cookie2:

Set-Cookie2 allowed you to restrict your cookie to a list of ports to which the cookie may be sent. According to RFC2965:

The Port attribute restricts the port to which a cookie may be returned in a Cookie request header. Note that the syntax REQUIREs quotes around the OPTIONAL portlist even if there is only one portnum in portlist.

There are three possible behaviors, depending on the Port attribute in the Set-Cookie2 response header:

  1. By default (no Port attribute), the cookie MAY be sent to any port.

  2. If the attribute is present but has no value (e.g., Port), the cookie MUST only be sent to the request-port it was received from.

  3. If the attribute has a port-list, the cookie MUST only be returned if the new request-port is one of those listed in port-list.

This differs because Set-Cookie does not allow you to restrict cookies to any specific ports. Therefore, your cookies are sent to any port on that host no matter the port number.

PHP Guru answered Sep 28 '22 18:09
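The three Port cases listed in the answer above, worked as an added Python example (not part of the original answers and not code from any browser or library). The function names and sample header values are constructed for illustration, and the parser assumes one cookie per header value with no semicolons inside quoted attribute values.

```python
REQUEST_PORT_ONLY = "request-port"  # marker for a bare `Port` attribute


def parse_port_attribute(set_cookie2_value):
    """Return None (no Port attribute), REQUEST_PORT_ONLY (bare Port),
    or a frozenset of ints (Port="80,8443")."""
    for attr in set_cookie2_value.split(";")[1:]:  # element 0 is NAME=VALUE
        name, sep, value = attr.strip().partition("=")
        if name.strip().lower() != "port":
            continue
        if not sep:
            return REQUEST_PORT_ONLY
        value = value.strip()
        # The RFC 2965 syntax requires quotes around the portlist,
        # even when it holds a single portnum.
        if len(value) < 2 or value[0] != '"' or value[-1] != '"':
            raise ValueError("portlist must be quoted")
        ports = [p.strip() for p in value[1:-1].split(",")]
        if not all(p.isascii() and p.isdigit() for p in ports):
            raise ValueError("invalid portnum in portlist")
        return frozenset(int(p) for p in ports)
    return None


def may_return_cookie(port_attr, received_on_port, request_port):
    """Apply the three behaviors to a new request on request_port."""
    if port_attr is None:                  # case 1: any port
        return True
    if port_attr == REQUEST_PORT_ONLY:     # case 2: only the original port
        return request_port == received_on_port
    return request_port in port_attr       # case 3: only listed ports


def plain_set_cookie_may_return(request_port):
    """Set-Cookie has no Port attribute: the port never limits the cookie."""
    return True


if __name__ == "__main__":
    # Constructed sample headers, all received from a server on port 8080.
    samples = ['SID=abc; Version="1"',
               'SID=abc; Version="1"; Port',
               'SID=abc; Version="1"; Port="80,8443"; Path="/"']
    for header in samples:
        attr = parse_port_attribute(header)
        sent = [p for p in (80, 8080, 8443) if may_return_cookie(attr, 8080, p)]
        print(f"{header!r}: returned on ports {sent}")
```
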