开发者

Problem with HttpOnly Cookies

I have a problem with creating HttpOnly Cookies , I use the following code to creat new cookie:

    //A.aspx
    HttpCookie ht = new HttpCookie("www");
    ht.Value = "www";
    ht.Name = "www";
    ht.HttpOnly = true;
    ht.Expires = DateTime.Now.AddDays(1);
    Response.AppendCookie(ht);
    Response.Redirect("B.aspx");

    //B.aspx
    HttpCookie co开发者_开发问答okie = Request.Cookies["Allowed"];
    HttpCookie htt = Request.Cookies["www"];
    if (cookie != null)
    {
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);
    }
    else
    {
        cookie = new HttpCookie("Allowed");
        cookie.HttpOnly = true;
        cookie.Value = "ping";
        cookie.Expires = DateTime.Now.AddMinutes(2);
        Response.Cookies.Add(cookie);  
        Response.Write(cookie.HttpOnly);
        Response.Write(htt.HttpOnly);

    }

The problem is that the final result is always : False, although the HttpOnly property is set to True .

Can anyone explain me a way to figure this out ?

Thanx


Cookie parameters (expiration date, path, HttpOnly etc) are not sent back to the server by the browser, only the values. Sending them back would only introduce unnecessary bloat. Therefore the cookies in Request.Cookies will only contain the names and values.

If you want to see if your HttpOnly value is taking effect, use Firecookie or something similar to inspect the cookies. Or try accessing them in JavaScript - that's what it's supposed to prevent.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜