开发者

HttpCookie.HttpOnly in .NET and JavaScript

开发者 https://www.devze.com 2023-01-20 00:38 出处:网络
Hello A web site was developed and deployed to client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:

Hello A web site was developed and deployed to client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:

  1. Is Cookie available after setting flag in JavaScript?
  2. or maybe some restriction when I am using JavaScript?
  3. or do I need to make some changes in existing Java开发者_运维问答Script?


The purpose of using HttpOnly is to prevent Javascript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.

Bottom line: if you need access to the cookie with Javascript you can not use HttpOnly.

0

精彩评论

暂无评论...
验证码 换一张
取 消