Question

我在创建HttpOnly Cookies时遇到问题，我使用以下代码创建新cookie：

    //A.aspx
    HttpCookie ht = new HttpCookie("www");
    ht.Value = "www";
    ht.Name = "www";
    ht.HttpOnly = true;
    ht.Expires = DateTime.Now.AddDays(1);
    Response.AppendCookie(ht);
    Response.Redirect("B.aspx");

    //B.aspx
    HttpCookie cookie = Request.Cookies["Allowed"];
    HttpCookie htt = Request.Cookies["www"];
    if (cookie != null)
    {
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);
    }
    else
    {
        cookie = new HttpCookie("Allowed");
        cookie.HttpOnly = true;
        cookie.Value = "ping";
        cookie.Expires = DateTime.Now.AddMinutes(2);
        Response.Cookies.Add(cookie);  
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);

    }

问题是最终结果总是：False，尽管HttpOnly属性设置为True。
任何人都可以解释一下解决这个问题的方法吗？
Thanx

Answer 1

Cookie参数（到期日期，路径，HttpOnly等）不会被浏览器发送回服务器，只会返回值。将它们送回会只会引起不必要的臃肿。因此，Request.Cookies中的Cookie只包含名称和值。

如果您想查看您的HttpOnly值是否生效，请使用Firecookie或类似内容来检查Cookie。或者尝试使用JavaScript访问它们 - 这就是它应该阻止的内容。

HttpOnly Cookies的问题

1 个答案: