开发者

HttpCookie.HttpOnly in .NET and JavaScript

Hello A web site was developed and deployed to client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:

  1. Is Cookie available after setting flag in JavaScript?
  2. or maybe some restriction when I am using JavaScript?
  3. or do I need to make some changes in existing Java开发者_运维问答Script?


The purpose of using HttpOnly is to prevent Javascript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.

Bottom line: if you need access to the cookie with Javascript you can not use HttpOnly.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜