Cookie Summary

Source: Internet  Editor: 程序博客网  Time: 2024/04/30 10:55

To learn how cookies work, you must read rfc2109.txt and rfc2965.txt.

To prevent possible security or privacy violations, a user agent
   rejects a cookie (shall not store its information) if any of the
   following is true:

   * The value for the Path attribute is not a prefix of the request-
     URI.

   * The value for the Domain attribute contains no embedded dots or
     does not start with a dot.

   * The value for the request-host does not domain-match the Domain
     attribute.

   * The request-host is a FQDN (not IP address) and has the form HD,
     where D is the value of the Domain attribute, and H is a string
     that contains one or more dots.

   Examples:

   * A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com
     would be rejected, because H is y.x and contains a dot.


   * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would
     be accepted.

   * A Set-Cookie with Domain=.com or Domain=.com., will always be
     rejected, because there is no embedded dot.

   * A Set-Cookie with Domain=ajax.com will be rejected because the
     value for Domain does not begin with a dot.

The English passage above describes the circumstances under which a browser refuses to accept a cookie sent by the server.
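The four rejection rules quoted above can be written as a small checker. This is an added example, not code from the original page or from the RFC; the function names `domain_match` and `reject_reason` and the reason strings are hypothetical, and the sample inputs are constructed from the RFC's own examples.

```python
import ipaddress

def _is_ip(host):
    """True if host is a literal IP address rather than an FQDN."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 2109 domain-match: identical strings, or host = N + domain
    where domain begins with a dot and N is non-empty."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    if _is_ip(host):
        return False
    return domain.startswith(".") and host.endswith(domain) and len(host) > len(domain)

def reject_reason(request_host, request_uri, domain, path):
    """Return the rule that makes a user agent reject the cookie, or None if accepted."""
    # Rule 1: Path must be a prefix of the request-URI.
    if not request_uri.startswith(path):
        return "path-not-prefix"
    # Rule 2: Domain must start with a dot and contain an embedded dot.
    if not domain.startswith(".") or "." not in domain.strip("."):
        return "domain-no-embedded-dot-or-leading-dot"
    # Rule 3: request-host must domain-match the Domain attribute.
    if not domain_match(request_host, domain):
        return "no-domain-match"
    # Rule 4: for an FQDN of the form HD, H must not contain a dot.
    if not _is_ip(request_host):
        h = request_host.lower()[: -len(domain)]
        if "." in h:
            return "host-prefix-contains-dot"
    return None

if __name__ == "__main__":
    # Constructed inputs based on the examples in the quoted passage.
    samples = [
        ("y.x.foo.com", "/", ".foo.com", "/"),
        ("x.foo.com", "/", ".foo.com", "/"),
        ("x.foo.com", "/", ".com", "/"),
        ("www.ajax.com", "/", "ajax.com", "/"),
    ]
    for s in samples:
        print(s, "->", reject_reason(*s) or "accepted")
```

These checks follow the RFC 2109 text quoted on this page; current browsers implement the later RFC 6265, which no longer requires the leading dot.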

Cookie data structure: key, path, domain, max-age

Cookie ownership: a cookie belongs first to a path, then to a domain.

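Usage notes:

    1. Avoid using cookies with the same name in a parent path and a child path;
    2. To modify a parent path's cookie from a child path, you must specify the cookie's path;
    3. In terms of domains, a subdomain can set a cookie for its parent domain; the reverse does not hold.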

To be continued