vue-cookies icon indicating copy to clipboard operation
vue-cookies copied to clipboard

Published 20 hours ago verified publisher icon cmp-cc

Sometimes $cookies.set is not consistent with `document.cookie=`

Open lifubang opened this issue 4 years ago • 5 comments

When we use document.cookie='[email protected]', the value of document.cookie is [email protected]; But when we use this.$cookies.set('email', '[email protected]'), the value of document.cookie is email=lifubang%40acmcoder.com.

It's ok when we just use cookie in front-end, but the back-end will get an inconsistent cookie value when we use vue-cookies to replace document.cookie= in front-end, it would cause the back-end to upgrade their code.

lifubang avatar Dec 16 '20 15:12 lifubang

The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).

encodeURIComponent/decodeURIComponent escape sequences (e.g. comma, quotes, [], : , ; etc)

back-end transcoding

Java Example:

URLDecoder.decode("lifubang%40acmcoder.com", "utf-8");

PHP Example:

urldecode("lifubang%40acmcoder.com")

cmp-cc avatar Dec 17 '20 04:12 cmp-cc

The cookie value string can use encodeURIComponent() to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values).

I think the operation document.cookie=*** will handle these cases by itself. You can try it in chrome console window.

back-end transcoding

Yes, back-end can decode it correctly. My thought is that we should not force the back-end to change the code when I use vue-cookies to replace document.cookie=.

lifubang avatar Dec 17 '20 05:12 lifubang

I agree with @lifubang in that I am having issues with this as well.

I don't mind if the value is encoded in the cookie storage, but the decode does not work for me when I get cookies back. When I use Vue.$cookies.get() it returns the escaped strings for me, so the functionality is ruined.

My understanding is that the cookie stores a standard string and handles all required escaping itself as well.

Connor1st avatar Dec 27 '20 19:12 Connor1st

but the decode does not work for me when I get cookies back

Yes, we may hit this issues when we read the cookie created by the back-end. So I update the commit of the #67 .

lifubang avatar Dec 28 '20 01:12 lifubang

当cookie含有 ASCII 特殊符号时,encodeURIComponent会对key or value 进行编码,这样会导致接下来的请求后端cookies校验无法通过,希望不要对@&=+$#这些特殊符号进行编译。

liuyang92 avatar Feb 16 '22 02:02 liuyang92