Problem with HttpOnly Cookies_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-02 13:01 出处：网络

I have a problem with creating HttpOnly Cookies , I use the following code to creat new cookie: //A.aspx

I have a problem with creating HttpOnly Cookies , I use the following code to creat new cookie:

    //A.aspx
    HttpCookie ht = new HttpCookie("www");
    ht.Value = "www";
    ht.Name = "www";
    ht.HttpOnly = true;
    ht.Expires = DateTime.Now.AddDays(1);
    Response.AppendCookie(ht);
    Response.Redirect("B.aspx");

    //B.aspx
    HttpCookie co开发者_开发问答okie = Request.Cookies["Allowed"];
    HttpCookie htt = Request.Cookies["www"];
    if (cookie != null)
    {
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);
    }
    else
    {
        cookie = new HttpCookie("Allowed");
        cookie.HttpOnly = true;
        cookie.Value = "ping";
        cookie.Expires = DateTime.Now.AddMinutes(2);
        Response.Cookies.Add(cookie);  
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);

    }

The problem is that the final result is always : False, although the HttpOnly property is set to True .

Can anyone explain me a way to figure this out ?

Thanx

Cookie parameters (expiration date, path, HttpOnly etc) are not sent back to the server by the browser, only the values. Sending them back would only introduce unnecessary bloat. Therefore the cookies in Request.Cookies will only contain the names and values.

If you want to see if your HttpOnly value is taking effect, use Firecookie or something similar to inspect the cookies. Or try accessing them in JavaScript - that's what it's supposed to prevent.