For whatever reason when I try to set the secure and HttpOnly properties through Javascript, they fail to get set. Here is the code that is being used:
function Selected(StationID,QueryString)
{
ClearColours();
document.getElementById(StationID).className='StationSummary_Container_Selected';
setCookie('selectedItem',StationID,1);
setCookie('selectedItemValue',StationID,1);
setCookie('selectedItemQString',QueryString,1);
window.location="#" + StationID;
parent.frames["stationDetail"].location = "StationDetail.aspx?" + QueryString;
parent.frames["message"].location = "StationMessage.aspx?" + QueryString;
}
function setCookie(NameOfCookie, value, expiredays) {
var ExpireDate = new Date();
ExpireDate.setTime(ExpireDate.getTime() + (expiredays * 24 * 3600 * 1000));
var newCookie = NameOfCookie + "=" + escape(value) + ((expiredays == null) ? "" : "; expires=" + ExpireDate.toGMTString()) + "; Secure; HttpOnly";
document.cookie = newCookie;
}
Thanks in advance for any tips on this.
答案 0 :(得分:0)
The browser does not allow you to read or write HttpOnly attribute using JavaScript for security reasons.
The clue is in the name, I guess: HttpOnly.
You can set these attributes on the server if you need to.