Open lifubang opened 3 years ago
The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).
encodeURIComponent/decodeURIComponent escape sequences (e.g. comma, quotes, [], : , ; etc)
back-end transcoding
Java Example:
URLDecoder.decode("lifubang%40acmcoder.com", "utf-8");
PHP Example:
urldecode("lifubang%40acmcoder.com")
The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).
I think the operation document.cookie=***
will handle these cases by itself. You can try it in chrome console window.
back-end transcoding
Yes, back-end can decode it correctly. My thought is that we should not force the back-end to change the code when I use vue-cookies
to replace document.cookie=
.
I agree with @lifubang in that I am having issues with this as well.
I don't mind if the value is encoded in the cookie storage, but the decode does not work for me when I get cookies back. When I use Vue.$cookies.get() it returns the escaped strings for me, so the functionality is ruined.
My understanding is that the cookie stores a standard string and handles all required escaping itself as well.
but the decode does not work for me when I get cookies back
Yes, we may hit this issues when we read the cookie created by the back-end. So I update the commit of the #67 .
当cookie含有 ASCII 特殊符号时,encodeURIComponent会对key or value 进行编码,这样会导致接下来的请求后端cookies校验无法通过,希望不要对@&=+$#这些特殊符号进行编译。
When we use
document.cookie='email=lifubang@acmcoder.com'
, the value ofdocument.cookie
isemail=lifubang@acmcoder.com
; But when we usethis.$cookies.set('email', 'lifubang@acmcoder.com')
, the value ofdocument.cookie
isemail=lifubang%40acmcoder.com
.It's ok when we just use cookie in front-end, but the back-end will get an inconsistent cookie value when we use vue-cookies to replace
document.cookie=
in front-end, it would cause the back-end to upgrade their code.