I have two HTTP services running on one machine. I just want to know if they share their cookies or if the browser differentiates between these two server sockets.
According to RFC 2965 3.3.1 (which may or may not be followed by browsers), unless the port is explicitly specified via the port parameter of the Set-Cookie header, the cookie may or may not be sent to any port.
Google's Browser Security Manual states: "By default, the scope of a cookie is limited to all URLs on the current hostname and is not bound to port or protocol information." A few lines later, "There is no way to restrict the cookie to a single DNS name [...] Likewise, there is no way to restrict it to a specific port." (Also, keep in mind that IE does not consider port numbers in its same-origin policy at all.)
Therefore, it seems unsafe to rely on any well-defined behavior here.
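The default scoping described above can be observed offline with Python's standard-library cookie client. This is an added example, not part of the original answers: http.cookiejar is not a browser, and the host name shop.example, the ports and the cookie value are constructed. It stores a cookie received from port 8000 and reports which other requests would carry it, first for a plain Set-Cookie header and then for an RFC 2965 Set-Cookie2 header with a Port attribute.

```python
import email.message
import http.cookiejar
import urllib.request

HOST = "shop.example"  # constructed hostname; nothing here touches the network
PROBES = {             # constructed requests the jar is asked about
    "same_port": f"http://{HOST}:8000/",
    "other_port": f"http://{HOST}:9000/",
    "other_scheme": f"https://{HOST}/",
    "other_host": "http://other.example:8000/",
}

class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info() on it."""
    def __init__(self, header, value):
        self._headers = email.message.Message()
        self._headers[header] = value

    def info(self):
        return self._headers

def probe(jar, header, value):
    """Store a cookie 'received' from HOST:8000, then report the Cookie
    header the jar would attach to each probe request (None = not sent)."""
    origin = urllib.request.Request(f"http://{HOST}:8000/login")
    jar.extract_cookies(FakeResponse(header, value), origin)
    sent = {}
    for label, url in PROBES.items():
        req = urllib.request.Request(url)
        jar.add_cookie_header(req)
        sent[label] = req.get_header("Cookie")
    return sent

def plain_cookie():
    """Ordinary Set-Cookie header without a Secure attribute."""
    return probe(http.cookiejar.CookieJar(), "Set-Cookie", "sid=abc123; Path=/")

def rfc2965_port_cookie():
    """RFC 2965 Set-Cookie2 with a Port attribute (opt-in in http.cookiejar)."""
    policy = http.cookiejar.DefaultCookiePolicy(rfc2965=True)
    jar = http.cookiejar.CookieJar(policy)
    return probe(jar, "Set-Cookie2", 'sid=abc123; Version=1; Path=/; Port="8000"')

if __name__ == "__main__":
    print("Set-Cookie :", plain_cookie())
    print("Set-Cookie2:", rfc2965_port_cookie())
```

With the plain header, only the request to a different host comes back without the cookie; the Port restriction takes effect only because this client was explicitly switched to RFC 2965 handling.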
The current cookie specification is RFC 6265, which supersedes RFC 2109 and RFC 2965 (these two RFCs are now marked as "historical"), and standardizes the syntax for the actual usage of cookies. It clearly states:
besides: