Cookie is missing the HttpOnly flag
A:
The cookie is missing the HttpOnly flag.
Add the HttpOnly flag to important cookies.
How to add it:
Java EE:
response.setHeader("Set-Cookie", "cookiename=value; Path=/; Domain=domainvalue; Max-Age=seconds; HTTPOnly");
Once this is set, JavaScript cannot read the cookie, but it can still be read as follows:
Cookie[] cookies = request.getCookies();
Servlet 3:
Add the following fragment to web.xml:
PHP4:
header("Set-Cookie: hidden=value; httpOnly");
PHP5:
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
The last parameter is the HttpOnly attribute.
C#:
HttpCookie myCookie = new HttpCookie("myCookie");
myCookie.HttpOnly = true;
Response.AppendCookie(myCookie);
VB.NET:
Dim myCookie As HttpCookie = new HttpCookie("myCookie")
myCookie.HttpOnly = True
Response.AppendCookie(myCookie)
In .NET 1.1 you need to add it manually:
Response.Cookies[cookie].Path += ";HTTPOnly";
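
To confirm that the flag actually reaches the browser after applying one of the settings above, the following added example (not part of the original answer) checks Set-Cookie header values for a missing HttpOnly attribute. The function names, cookie names and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for a missing HttpOnly attribute.
# Function names and the sample headers below are constructed for illustration.

def cookie_attributes(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive, so "HTTPOnly", "httpOnly" and
    # "HttpOnly" (all spellings used on this page) are the same flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_httponly(set_cookie_values, sensitive=None):
    """List the names of cookies that are set without HttpOnly.

    sensitive: optional iterable of cookie names to restrict the check to
    (for example session identifiers); None checks every cookie.
    """
    wanted = None if sensitive is None else set(sensitive)
    findings = []
    for value in set_cookie_values:
        name, attrs = cookie_attributes(value)
        if not name:
            continue  # malformed header with no cookie name
        if wanted is not None and name not in wanted:
            continue
        if "httponly" not in attrs:
            findings.append(name)
    return findings


# Constructed sample: one Set-Cookie value per response header line.
SAMPLE_HEADERS = [
    "cookiename=value; Path=/; Domain=example.test; Max-Age=3600; HTTPOnly",
    "hidden=value; httpOnly",
    "JSESSIONID=0123ABCD; Path=/app; Secure",
    "theme=dark; Path=/",
    "note=httponly; Path=/",  # the value mentions httponly, but the flag is absent
]

if __name__ == "__main__":
    print(missing_httponly(SAMPLE_HEADERS))
    print(missing_httponly(SAMPLE_HEADERS, sensitive=["JSESSIONID"]))
```

Passing the session cookie names in `sensitive` keeps the report focused on the cookies that matter, since cookies that client-side script must read legitimately cannot carry the flag.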