I have two HTTP services running on one machine. I just want to know if they share their cookies or if the browser differentiates between these two server sockets.
According to RFC 2965 3.3.1 (which may or may not be followed by browsers), unless the port is explicitly specified via the port parameter of the Set-Cookie header, the cookie may or may not be sent to any port.
Google's Browser Security Manual states: "By default, the scope of a cookie is limited to all URLs on the current hostname and is not bound to port or protocol information." A few lines later, "There is no way to restrict the cookie to a single DNS name [...] Likewise, there is no way to restrict it to a specific port." (Also, keep in mind that IE does not consider port numbers in its same-origin policy at all.)
Therefore, it seems unsafe to rely on any well-defined behavior here.
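The host-only scoping quoted above can be checked offline with Python's standard-library cookie jar. This is an added example, not part of the original answers, and it exercises a non-browser HTTP client rather than a browser. The host names, ports and cookie value are constructed.

```python
import email
import http.cookiejar
import urllib.request


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info() on it."""

    def __init__(self, set_cookie):
        # Constructed response headers carrying a single Set-Cookie line.
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._headers


def cookie_header_sent(set_from_url, set_cookie, request_url):
    """Store a cookie as if received from set_from_url, then return the
    Cookie header the jar attaches to a request for request_url (or None)."""
    jar = http.cookiejar.CookieJar()
    origin = urllib.request.Request(set_from_url)
    jar.extract_cookies(FakeResponse(set_cookie), origin)
    follow_up = urllib.request.Request(request_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Constructed scenario: service A on port 8001 sets a session cookie.
SERVICE_A = "http://app.example.test:8001/"
SET_COOKIE = "session=abc123; Path=/"

if __name__ == "__main__":
    targets = [
        "http://app.example.test:8002/admin",   # same host, other port
        "https://app.example.test:8443/",       # same host, other scheme and port
        "http://other.example.test:8001/",      # different host, same port
    ]
    for url in targets:
        print(f"{url:40} Cookie: {cookie_header_sent(SERVICE_A, SET_COOKIE, url)}")
```

If the second service on the host is less trusted than the first, this is the exposure to account for: it receives the first service's session cookie on every request.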
The current cookie specification is RFC 6265, which supersedes RFC 2109 and RFC 2965 (these two RFCs are now marked as "historical"), and standardizes the syntax for the actual usage of cookies. It clearly states:
besides: