开发者

Problem with HttpOnly Cookies

开发者 https://www.devze.com 2023-03-02 13:01 出处:网络
I have a problem with creating HttpOnly Cookies , I use the following code to creat new cookie: //A.aspx

I have a problem with creating HttpOnly Cookies , I use the following code to creat new cookie:

    //A.aspx
    HttpCookie ht = new HttpCookie("www");
    ht.Value = "www";
    ht.Name = "www";
    ht.HttpOnly = true;
    ht.Expires = DateTime.Now.AddDays(1);
    Response.AppendCookie(ht);
    Response.Redirect("B.aspx");

    //B.aspx
    HttpCookie co开发者_开发问答okie = Request.Cookies["Allowed"];
    HttpCookie htt = Request.Cookies["www"];
    if (cookie != null)
    {
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);
    }
    else
    {
        cookie = new HttpCookie("Allowed");
        cookie.HttpOnly = true;
        cookie.Value = "ping";
        cookie.Expires = DateTime.Now.AddMinutes(2);
        Response.Cookies.Add(cookie);  
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);

    }

The problem is that the final result is always : False, although the HttpOnly property is set to True .

Can anyone explain me a way to figure this out ?

Thanx


Cookie parameters (expiration date, path, HttpOnly etc) are not sent back to the server by the browser, only the values. Sending them back would only introduce unnecessary bloat. Therefore the cookies in Request.Cookies will only contain the names and values.

If you want to see if your HttpOnly value is taking effect, use Firecookie or something similar to inspect the cookies. Or try accessing them in JavaScript - that's what it's supposed to prevent.

0

精彩评论

暂无评论...
验证码 换一张
取 消