javascript - 如何在 IE8 中为两个字母的域设置 cookie？

Question

因为区分短域名和 TLD 并非易事，Microsoft maintains a list IE8 的特例。该列表可以在 res://urlmon.dll/ietldlist.xml 中找到。

但是，我不明白如何实际使用该列表。即使是 列出的特权双字母域似乎也有问题。

例如，域 cn.ca可以在列表中找到。但这是我在 IE8 的 javascript 控制台中得到的:

同样的方法在更长的域上也能完美运行，比如 stackoverflow.com(我在这个例子之前清除了我的 cookies 以避免不相关的噪音):

特例列表是否真的被破坏了，或者我只是误解了它的目的？有没有任何方法可以在 IE8 中为短域设置 cookie(不限于子域)？

Answer 1

documentation 中没有好的信息.但是，我在 MSDN blog post 中找到了一篇很好的文章。 .

与您的问题最相关的是 Q6:

IE won’t set a cookie for certain domains, like those of the format http://xx.yy?

Correct. The idea is that you may not set a cookie on a "top-level" domain shared by unrelated organizations. Historically, ccTLDs of the format xx.yy were effective TLDs, so cookies may not be set on them. While this heuristic was never perfect, it's been unchanged for over 15 years and hence is not likely to change any time soon. The intricacy of this issue merits a long blog post all its own—see this post.

其他有趣的花絮:

IE's cookie code doesn't seem to support as defined in RFC2109 or RFC2965.

Internet Explorer (including IE8) does not attempt to support any RFC for cookies. WinINET (the network stack below IE) has cookie implementation based on the pre-RFC Netscape draft spec for cookies.

If I don’t specify a leading dot when setting the DOMAIN attribute, IE doesn’t care?

Correct. All current version browsers (Chrome, FF, Opera, etc) seem to treat a leading dot as implicit

来自 Microsoft Support (影响 IE 6.0、7.0 和 8.0):

Symptoms: A user opens a webpage from http://servername.xxx.yy. The web site at that address sets a cookie and specifies "xxx.yy" as the domain for that cookie. However, Internet Explorer does not save the cookie information.

Cause: For security reasons, Internet Explorer does not save cookie data for domains like xxx.yy, where .yy is a two-letter country code domain and the three letters xxx are one of the generic top level domain names: com, edu, gov, int, mil, net, or org. Domains of this form are treated as top level domains, effectively a country-specific version of the generic top level domain. For security reasons, wininet prevents setting cookies for such domains. In this case, xxx.yy is effectively a top level domain, and is protected in the same way as ".com" would be.

Resolution: This behavior is by design.