cookie作用域,用户隐私信息
cookies作用域:即cookie的domain属性,作用为约束子域是否可以共享主域的Cookies,公司cookies作用域通常为qq.com
用户隐私:用户的个人信息,包括明文、加密、内部编码等存储形式,包括但不限于以下信息:
-能唯一标识用户的信息, 如用户账号、密码、邮箱、手机号等 -与用户相关的信息, 如用户性别、年龄段、月收入、地域等 -用户的上网行为记录, 如搜索关系词、浏览的页面、上网时长、收藏的商品等 -用户机器的硬件信息,如CPU参数、内存参数、硬盘参数等 -等等
这里详细讲一下cookie的作用域:
如何让不同子域共享一份cookie呢?
网上有个小哥写的一段挺好:
so you are using cookies on your website, but when a visitor visits www.yourdomain.com and yourdomain.com the cookie doesn’t get set across both! That is because in essence, www. is simply a subdomain. The “www” component is not a protocol, it is not necessary, instead all it is, is just a marketing ploy. But anyway. Here is what you would do normally:
setcookie(‘YourCookieName’, ‘Some Values’, time() + 3600, ‘/’, ‘mydomain.com’); Damn! Almost there! The part you are missing to add a cookie irrespective of the subdomain is “.mydomain.com”. Yep, just add a . infront of your domain name. So you would have:
setcookie(‘YourCookieName’, ‘Some Values’, time() + 3600, ‘/’, ‘.mydomain.com’); All done ^^ Enjoy
翻译过来举例说明: 你如果想要 find.qq.com 和 qzone.qq.com 都能使用到qq.com下的cookie, 在种cookie的时候一定要在作用域的地方添加上 .qq.com 而不是 qq.com
但是: 注意但是: 看另一个小哥写的一段:
For clarity, mydomain.com and subdomain.domain.com can only share cookies if the domain is explicitly named in the Set-Cookie header. Otherwise, the cookie domain defaults to the request host.
For instance, if you sent the following header from subdomain.mydomain.com:
Set-Cookie: name=value
Then the cookie won’t be sent for requests to mydomain.com. However if you use the following, it will be usable on both domains:
Set-Cookie: name=value;domain=mydomain.com
In RFC 2109, a domain without a leading dot meant that it could not be used on subdomains, and only a leading dot (.mydomain.com) would allow it to be used across subdomains.
However, modern browsers respect the newer specification RFC 6265, and will ignore any leading dot, meaning you can use the cookie on subdomains as well as the top-level domain.
In summary, if you set a cookie like the second example above from mydomain.com, it would be accessible by subdomain.mydomain.com, and vice versa.
See also: www vs no-www and cookies