HttpCookie.HttpOnly in .NET and JavaScript
Hello
A web site was developed and deployed to the client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:
- Is Cookie available after setting flag in JavaScript?
- or maybe some restriction when I am using JavaScript?
- or do I need to make some changes in existing JavaScript?
The purpose of using HttpOnly is to prevent JavaScript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.
Bottom line: if you need access to the cookie with JavaScript you cannot use HttpOnly.
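To find which existing client-side reads will stop working, the Set-Cookie headers of a response can be checked for the flag. The following is an added example, not code from the original post or site: the header values are constructed, the function names are hypothetical, and `scriptVisibleCookieString` is a simplified model of what `document.cookie` returns.

```javascript
// Constructed sample Set-Cookie header values (not from the original site).
const sampleHeaders = [
  "ASP.NET_SessionId=abc123; path=/; HttpOnly",
  "theme=dark; path=/",
  "auth=xyz; Path=/; Secure; httponly; SameSite=Lax",
  "note=HttpOnly; path=/", // the *value* is "HttpOnly"; the flag itself is absent
];

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // no name=value pair: ignore the header
  const name = parts[0].slice(0, eq).trim();
  const value = parts[0].slice(eq + 1).trim();
  // Only attributes after the first ';' count, and their names are
  // case-insensitive (RFC 6265), so "httponly" also sets the flag.
  const httpOnly = parts
    .slice(1)
    .some((attr) => attr.split("=")[0].trim().toLowerCase() === "httponly");
  return { name, value, httpOnly };
}

// Simplified model of document.cookie: HttpOnly cookies are left out.
function scriptVisibleCookieString(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Names of cookies that page script can no longer read once the flag is set.
function hiddenFromScript(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && c.httpOnly)
    .map((c) => c.name);
}

console.log("document.cookie would show:", scriptVisibleCookieString(sampleHeaders));
console.log("hidden from script:", hiddenFromScript(sampleHeaders));
```

Any existing script that reads a cookie named in the second list needs to be changed; the browser still sends those cookies with requests to the server.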