March 3, 2016

immortal session cookie in Chrome

It’s very interesting, we set a session cookie for users who logged in system, and we expect after he/she close browser the cookie will be deleted, that’s for security consideration. But I found even I closed Chrome, when I open it again, the session cookie is still there! That’s the reason. I have modified setting to my default, but “Continue where you left off” is very useful sometimes.

March 3, 2016

cookies domain

There are some RFCs about HTTP state management: RFC2109, RFC2965, RFC6265. My environment is Chrome Version 47.0.2526.106 (64-bit), I use tornado set cookies. As the RFC content, if you provide domain field in Set-Cookie, you should keep a dot at the beginning of domain name, if you forget, the http client should help you. You can ignore domain field, then the domain value will be set as same as request host. Read more

Powered by Hugo & Kiss.