search

cmp-cc / vue-cookies

A simple Vue.js plugin for handling browser cookies
MIT License
408 stars 70 forks source link

Sometimes $cookies.set is not consistent with `document.cookie=` #66

Open lifubang opened 3 years ago

lifubang commented 3 years ago

When we use document.cookie='email=lifubang@acmcoder.com', the value of document.cookie is email=lifubang@acmcoder.com; But when we use this.$cookies.set('email', 'lifubang@acmcoder.com'), the value of document.cookie is email=lifubang%40acmcoder.com.

It's ok when we just use cookie in front-end, but the back-end will get an inconsistent cookie value when we use vue-cookies to replace document.cookie= in front-end, it would cause the back-end to upgrade their code.

cmp-cc commented 3 years ago

The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).

encodeURIComponent/decodeURIComponent escape sequences (e.g. comma, quotes, [], : , ; etc)

back-end transcoding

Java Example:

URLDecoder.decode("lifubang%40acmcoder.com", "utf-8");

PHP Example:

urldecode("lifubang%40acmcoder.com")
lifubang commented 3 years ago

The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).

I think the operation document.cookie=*** will handle these cases by itself. You can try it in chrome console window.

back-end transcoding

Yes, back-end can decode it correctly. My thought is that we should not force the back-end to change the code when I use vue-cookies to replace document.cookie=.

Connor1st commented 3 years ago

I agree with @lifubang in that I am having issues with this as well.

I don't mind if the value is encoded in the cookie storage, but the decode does not work for me when I get cookies back. When I use Vue.$cookies.get() it returns the escaped strings for me, so the functionality is ruined.

My understanding is that the cookie stores a standard string and handles all required escaping itself as well.

lifubang commented 3 years ago

but the decode does not work for me when I get cookies back

Yes, we may hit this issues when we read the cookie created by the back-end. So I update the commit of the #67 .

liuyang92 commented 2 years ago

当cookie含有 ASCII 特殊符号时,encodeURIComponent会对key or value 进行编码,这样会导致接下来的请求后端cookies校验无法通过,希望不要对@&=+$#这些特殊符号进行编译。