setHeaders 函数不能与 Set-Cookie 标头一起使用。相反,你应该使用 cookies API。
¥The setHeaders function can’t be used with the Set-Cookie header. Instead, you should use the cookies API.
在你的 load 函数中,你可以使用 cookies.get(name, options) 读取 cookie:
¥In your load functions, you can read a cookie with cookies.get(name, options):
export function load({ cookies }) {
const visited = cookies.get('visited');
return {
visited: visited === 'true'
};
}要设置 cookie,请使用 cookies.set(name, value, options)。强烈建议你在设置 cookie 时明确配置 path,因为浏览器的默认行为(有点没用)是在当前路径的父级上设置 cookie。
¥To set a cookie, use cookies.set(name, value, options). It’s strongly recommended that you explicitly configure the path when setting a cookie, since browsers’ default behaviour — somewhat uselessly — is to set the cookie on the parent of the current path.
export function load({ cookies }) {
const visited = cookies.get('visited');
cookies.set('visited', 'true', { path: '/' });
return {
visited: visited === 'true'
};
}现在,如果你重新加载 iframe,Hello stranger! 将变成 Hello friend!。
¥Now, if you reload the iframe, Hello stranger! becomes Hello friend!.
调用 cookies.set(name, ...) 会导致写入 Set-Cookie 标头,但它也会更新 cookie 的内部映射,这意味着在同一请求期间对 cookies.get(name) 的任何后续调用都将返回更新的值。在底层,cookies API 使用流行的 cookie 包 — 传递给 cookies.get 和 cookies.set 的选项对应于 cookie documentation 中的 parse 和 serialize 选项。SvelteKit 设置以下默认值以使你的 cookie 更安全:
¥Calling cookies.set(name, ...) causes a Set-Cookie header to be written, but it also updates the internal map of cookies, meaning any subsequent calls to cookies.get(name) during the same request will return the updated value. Under the hood, the cookies API uses the popular cookie package — the options passed to cookies.get and cookies.set correspond to the parse and serialize options from the cookie documentation. SvelteKit sets the following defaults to make your cookies more secure:
{
httpOnly: true,
secure: true,
sameSite: 'lax'
}<script>
let { data } = $props();</script>
<h1>Hello {data.visited ? 'friend' : 'stranger'}!</h1>