Send a redirect response with the cookie set; when processing the (special) redirected URL test for the cookie - if it's there redirect to normal processing, otherwise redirect to an error state.

使用cookie集发送重定向响应;处理cookie的(特殊)重定向URL测试时 - 如果它重定向到正常处理,否则重定向到错误状态。

Note that this can only tell you the browser permitted the cookie to be set, but not for how long. My FF allows me to force all cookies to "session" mode, unless the site is specifically added to an exception list - such cookies will be discarded when FF shuts down regardless of the server specified expiry. And this is the mode I run FF in always.

请注意,这只能告诉您浏览器允许设置cookie,但不能告诉您多长时间。我的FF允许我强制所有cookie进入“会话”模式,除非该网站被特别添加到例外列表中 - 当FF关闭时,无论服务器指定的到期日期如何,这些cookie都将被丢弃。这就是我总是运行FF的模式。

You can use Javascript to accomplish that

您可以使用Javascript来实现这一目标

Library:

function createCookie(name, value, days) {
    var expires;
    if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
        expires = "; expires=" + date.toGMTString();
    }
    else expires = "";
    document.cookie = name + "=" + value + expires + "; path=/";
}

function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
    }
    return null;
}

function eraseCookie(name) {
    createCookie(name, "", -1);
}

function areCookiesEnabled() {
    var r = false;
    createCookie("testing", "Hello", 1);
    if (readCookie("testing") != null) {
        r = true;
        eraseCookie("testing");
    }
    return r;
}

Code to run:

要运行的代码:

alert(areCookiesEnabled());

Remember

This only works if Javascript is enabled!

这只适用于启用Javascript的情况!

I dont think there are direct ways to check. The best way is to store a value in the cookie and try to read them and decide whether cookies are enabled or not.

我不认为有直接的方法来检查。最好的方法是在cookie中存储一个值并尝试读取它们并决定是否启用cookie。

A common way of checking for cookie support is via a redirect.

检查cookie支持的常用方法是通过重定向。

It's a good idea to only do this when the user is trying to do something that initiates a session, such as logging in, or adding something to their cart. Otherwise, depending on how you handle it, you're potentially blocking access to your entire site for users - or bots - that don't support cookies.

当用户尝试执行启动会话的操作(例如登录或向其购物车添加内容)时,这样做是个好主意。否则,根据您的处理方式,您可能会阻止对不支持Cookie的用户(或机器人)访问整个网站。

First, the server checks the login data as normal - if the login data is wrong the user receives that feedback as normal. If it's right, then the server immediately responds with a cookie and a redirect to a page which is designed to check for that cookie - which may just be the same URL but with some flag added to the query string. If that second page doesn't receive the cookie, then the user receives a message stating that they cannot log in because cookies are disabled on their browser.

首先,服务器正常检查登录数据 - 如果登录数据错误,则用户正常接收该反馈。如果它是正确的,那么服务器立即响应一个cookie并重定向到一个页面,该页面旨在检查该cookie - 这可能只是相同的URL,但在查询字符串中添加了一些标志。如果该第二页未收到cookie,则用户会收到一条消息,指出他们无法登录,因为cookie已在其浏览器上禁用。

If you're following the Post-Redirect-Get pattern for your login form already, then this setting and checking of the cookie does not add any additional requests - the cookie can be set during the existing redirect, and checked by the destination that loads after the redirect.

如果您已经按照登录表单的Post-Redirect-Get模式进行操作,那么此设置和检查cookie不会添加任何其他请求 - 可以在现有重定向期间设置cookie,并由加载的目标检查重定向后。

Now for why I only do a cookie test after a user-initiated action other than on every page load. I have seen sites implement a cookie test on every single page, not realising that this is going to have effects on things like search engines trying to crawl the site. That is, if a user has cookies enabled, then the test cookie is set once, so they only have to endure a redirect on the first page they request and from then on there are no redirects. However, for any browser or other user-agent, like a search engine, that doesn't return cookies, every single page could simply result in a redirect.

现在为什么我只在用户启动的操作之后进行cookie测试,而不是每次加载页面。我看到网站在每一页上都实施了一个cookie测试,没有意识到这会对试图抓取网站的搜索引擎产生影响。也就是说,如果用户启用了cookie,那么测试cookie将被设置一次,因此他们只需要在他们请求的第一页上忍受重定向,从那时起就没有重定向。但是,对于任何不返回cookie的浏览器或其他用户代理(如搜索引擎),每个页面都可能只会导致重定向。

Another method of checking for cookie support is with Javascript - this way, no redirect is necessarily needed - you can write a cookie and read it back virtually immediately to see if it was stored and then retrieved. The downside to this is it runs in script on the client side - ie if you still want the message about whether cookies are supported to get back to the server, then you still have to organise that - such as with an Ajax call.

检查cookie支持的另一种方法是使用Javascript - 这样,不需要重定向 - 您可以编写一个cookie并立即将其读回来查看它是否已存储然后检索。这样做的缺点是它在客户端的脚本中运行 - 即如果你仍然想要关于是否支持cookie回到服务器的消息,那么你仍然需要组织它 - 比如使用Ajax调用。

For my own application, I implement some protection for 'Login CSRF' attacks, a variant of CSRF attacks, by setting a cookie containing a random token on the login screen before the user logs in, and checking that token when the user submits their login details. Read more about Login CSRF from Google. A side effect of this is that the moment they do log in, I can check for the existence of that cookie - an extra redirect is not necessary.

对于我自己的应用程序,我通过在用户登录之前在登录屏幕上设置包含随机令牌的cookie,并在用户提交登录时检查该令牌,为“登录CSRF”攻击(CSRF攻击的变体)实施一些保护。细节。阅读更多关于从Google登录CSRF的信息。这样做的副作用是,当他们登录时,我可以检查该cookie的存在 - 不需要额外的重定向。

I always used this:

我一直用这个:

navigator.cookieEnabled

According to w3schools "The cookieEnabled property is supported in all major browsers.".

根据w3schools的说法,“所有主流浏览器都支持cookieEnabled属性。”

However, this works for me when i am using forms, where i can instruct the browser to send the additional information.

但是,当我使用表单时,这对我有用,我可以指示浏览器发送附加信息。

Usually, you might only need to check for cookie support after the user has taken some action on the site, such as submitting a login form, adding an item to their cart, and so on.

通常,您可能只需要在用户对网站执行某些操作后检查cookie支持,例如提交登录表单,将项目添加到购物车等等。

For me currently, checking for cookie support goes hand-in-hand with CSRF (Cross-Site Request Forgery) prevention.

对我来说,检查cookie支持与CSRF(跨站点请求伪造)预防密切相关。

You should probably go elsewhere to read more about CSRF, but the idea behind it is that other sites may trick or your users into submitting a hidden form of their choosing to your own site. The way around this is to set a cookie when the viewer sees a form, and set a matching token as a hidden form element, and then when processing the form, check that both the cookie and hidden form element were set and match each other. If it is an attempted CSRF attack, the site won't be able to provide the hidden field to match the user's cookie, because the user's cookie won't be readable to them under the same-origin policy.

您可能应该去其他地方阅读有关CSRF的更多信息,但其背后的想法是,其他网站可能会欺骗或您的用户提交他们选择的隐藏形式到您自己的网站。解决这个问题的方法是在查看者看到表单时设置cookie,并将匹配的标记设置为隐藏表单元素,然后在处理表单时,检查cookie和隐藏表单元素是否已设置并相互匹配。如果是企图进行CSRF攻击,则该站点将无法提供与用户cookie相匹配的隐藏字段,因为根据同源策略,用户的cookie将无法读取。

If a form is submitted having no cookie, but it does contain a valid-looking token, then you can conclude from this that the user has cookies disabled and throw up a message indicating that the user should enable cookies and re-try. The other possibility, of course, is that the user is the victim of an attempted CSRF attack. So blocking the user when the cookie doesn't match will also have the side-effect of preventing that attack.

如果提交的表单没有cookie,但它确实包含有效的令牌,那么您可以从中得出结论,用户已禁用cookie并抛出一条消息,指示用户应启用cookie并重试。当然,另一种可能性是用户是CSRF攻击企图的受害者。因此,当cookie不匹配时阻止用户也会产生防止该攻击的副作用。

Try to store something into a cookie, and then read it. If you don't get what you expect, then cookies are probably disabled.

尝试将某些内容存储到cookie中,然后阅读它。如果你没有得到你期望的,那么cookie可能被禁用。

check this code , it' will help you .

检查此代码,它会帮助你。

<?php
session_start();

function visitor_is_enable_cookie() {
    $cn = 'cookie_is_enabled';
    if (isset($_COOKIE[$cn]))
        return true;
    elseif (isset($_SESSION[$cn]) && $_SESSION[$cn] === false)
        return false;

    // saving cookie ... and after it we have to redirect to get this
    setcookie($cn, '1');
    // redirect to get the cookie
    if(!isset($_GET['nocookie']))
        header("location: ".$_SERVER['REQUEST_URI'].'?nocookie') ;

    // cookie isn't availble
    $_SESSION[$cn] = false;
    return false;
}

var_dump(visitor_is_enable_cookie());

The question whether cookies are "enabled" is too boolean. My browser (Opera) has a per-site cookie setting. Furthermore, that setting is not yes/no. The most useful form is in fact "session-only", ignoring the servers' expiry date. If you test it directly after setting, it will be there. Tomorrow, it won't.

cookie是否“启用”的问题太过布尔。我的浏览器(Opera)具有每站点cookie设置。此外,该设置不是是/否。最有用的形式实际上是“仅会话”,忽略了服务器的到期日期。如果您在设置后直接测试它,它将在那里。明天,它不会。

Also, since it's a setting you can change, even testing whether cookies do remain only tells you about the setting when you tested. I might have decided to accept that one cookie, manually. If I keep being spammed, I can (and at times, will) just turn off cookies for that site.

此外,由于它是一个您可以更改的设置,甚至测试cookie是否仍然只是在测试时告诉您有关设置的信息。我可能已经决定手动接受一个cookie。如果我继续发送垃圾邮件,我可以(有时候会)关闭该网站的cookie。

If you only want to check if session cookies (cookies that exist for the lifetime of the session) are enabled, set your session mode to AutoDetect in your web.config file, then the Asp.Net framework will write a cookie to the client browser called AspxAutoDetectCookieSupport. You can then look for this cookie in the Request.Cookies collection to check if session cookies are enabled on the client.

如果您只想检查会话cookie(会话生命周期中存在的cookie)是否已启用,请在web.config文件中将会话模式设置为AutoDetect,然后Asp.Net框架将cookie写入客户端浏览器名为AspxAutoDetectCookieSupport。然后,您可以在Request.Cookies集合中查找此cookie,以检查客户端上是否启用了会话cookie。

E.g. in your web.config file set:

例如。在您的web.config文件集中:

<sessionState cookieless="AutoDetect" />

Then check if cookies are enabled on the client with:

然后检查客户端上是否启用了cookie:

if (Request.Cookies["AspxAutoDetectCookieSupport"] != null)  { ... }

Sidenote: By default this is set to UseDeviceProfile, which will attempt to write cookies to the client so long as the client supports them, even if cookies are disabled. I find it slightly odd that this is the default option as it seems sort of pointless - sessions won't work with cookies disabled in the client browser with it set to UseDeviceProfile, and if you support cookieless mode for clients that don't support cookies, then why not use AutoDetect and support cookieless mode for clients that have them disabled...

旁注:默认设置为UseDeviceProfile,只要客户端支持cookie,即使禁用了cookie,它也会尝试将cookie写入客户端。我觉得这有点奇怪,这是默认选项,因为它看起来毫无意义 - 会话不适用于在客户端浏览器中禁用的Cookie,并且设置为UseDeviceProfile,并且如果您为不支持cookie的客户端支持cookieless模式那么为什么不使用AutoDetect并为禁用它们的客户支持cookieless模式...

I'm using a much more simplified version of "balexandre"'s answer above. It tries to set, and read a session cookie for the sole purpose of determining if cookies are enabled. And yes, this requires that JavaScript is enabled as well. So you may want a tag in there if you care to have one.

我正在使用更简化版的“balexandre”上面的答案。它尝试设置和读取会话cookie,其唯一目的是确定是否启用了cookie。是的,这需要启用JavaScript。因此,如果你想要一个标签,你可能需要一个标签。

<script>
// Cookie detection
document.cookie = "testing=cookies_enabled; path=/";
if(document.cookie.indexOf("testing=cookies_enabled") < 0)
{
    // however you want to handle if cookies are disabled
    alert("Cookies disabled");
}
</script>
<noscript>
    <!-- However you like handling your no JavaScript message -->
    <h1>This site requires JavaScript.</h1>
</noscript>

The cookieEnabled property returns a Boolean value that specifies whether or not cookies are enabled in the browser

cookieEnabled属性返回一个布尔值,指定是否在浏览器中启用了cookie

<script>
if (navigator.cookieEnabled) {
    // Cookies are enabled
}
else {
    // Cookies are disabled
}
</script>

NodeJS - Server Side - Cookie Check Redirect Middleware - Express Session/Cookie Parser

NodeJS - 服务器端 - Cookie检查重定向中间件 - 快速会话/ Cookie解析器

Dependencies

var express = require('express'),
    cookieParser = require('cookie-parser'),
    expressSession = require('express-session')

Middleware

return (req, res, next) => {
  if(req.query.cookie && req.cookies.cookies_enabled)
    return res.redirect('https://yourdomain.io' + req.path)
  if(typeof(req.cookies.cookies_enabled) === 'undefined' && typeof(req.query.cookie) === 'undefined') {
    return res.cookie('cookies_enabled', true, {
      path: '/',
      domain: '.yourdomain.io',
      maxAge: 900000, 
      httpOnly: true,
      secure: process.env.NODE_ENV ? true : false
    }).redirect(req.url + '?cookie=1')
  }
  if(typeof(req.cookies.cookies_enabled) === 'undefined') {
    var target_page = 'https://yourdomain.io' + (req.url ? req.url : '')
    res.send('You must enable cookies to view this site.<br/>Once enabled, click <a href="' + target_page + '">here</a>.')
    res.end()
    return
  }
  next()
}

Use navigator.CookieEnabled for cookies enabled(it will return true of false) and the Html tag noscript. By the way navigator.cookieEnabled is javascript so don't type it in as HTML

使用navigator.CookieEnabled启用cookie(它将返回true为false)和Html标签noscript。顺便说一句navigator.cookieEnabled是javascript所以不要输入HTML格式

<?php   session_start();
if(SID!=null){
  echo "Please enable cookie";
}
?>