How is the DOM object document.cookie property built?
https://stackoverflow.com/questions/5810882
-
25-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
When you are served a web page, who builds the DOM document? Is it strictly the server printing HTML? How is the browser involved? I am specifically interested in knowing how is the document.cookie property populated.
A) The server populates document.cookie
- The browser stores a cookie for foobar.com in the users hard drive.
- The next time foobar.com is visited, the browser presents all cookies for foobar.com to the server.
- The server builds the DOM document.cookie property based on these cookies.
B) The browser populates document.cookie
- The browser stores a cookie for foobar.com in the users hard drive.
- The next time foobar.com is visited, the server goes on about constructing and serving the HTML.
- Somewhere before or after the browser grabs all the cookies on the hard drive and populates document.cookie.
I am interested in this information because I'm studying how cookie stripping at proxy servers such as Varnish and Squid can affect cookies. If document.cookie was built by the server (option A above), then I would assume cookie stripping by proxies would affect the document.cookie property. I am however party inclined to think B is the case since I have a directive in a Varnish server to specifically strip a cookie, but the data of the cookie remains persistent in document.cookie even after stripping it from the request.
This question is especially important for people who have websites behind Varnish, since a request that comes attached with a cookie negates the use of cached data and generates a back-end hit.
해결책
The DOM is built and used by the browser based on the server's response. Part of the job of a browser's layout engine is to parse the HTML returned by the server into the DOM. Unfortunately, the different browsers use different layout engines, so the DOM tree sometimes has differences within it.
document.cookie specifically is a attribute of the DOM Level 1 spec. As was said, the correct answer is more or less (B). Cookies are packaged as part of the request that a client sends to the server, and although the server can set cookies in the response, in the end they all reside in the client side.
다른 팁
The Server sends data to the browser which interprets it and builds a DOM tree. the cookies are sent along with the data and are not built into the DOM, but instead stored on the local machine. basically B. The browser can manipulate cookies on the machine; the server can manipulate any cookies it's issued.
