how do I test httpOnly cookie flag
I have set the following property in websphere for the js开发者_开发问答ession cookie
com.ibm.ws.webcontainer.HTTPOnlyCookies
.
Any idea how best to test this using JavaScript in Firefox or IE?
It's a pain in IE. I have IE9 so your screens may be different.
Press F12, go to the network tab, and then press Start Capturing. Back in IE then open the page you want to view. Back in the F12 window you show see all the individual HTTP requests, select the one that's the page or asset you're checking the cookies on and double click on it. You should then be able to see all the response headers and cookies on their relevant tabs.
Edit:
A HttpOnly Cookie would look something like this:
Set-Cookie: SessionId=z5ymkk45aworjo2l31tlhqqv; path=/; HttpOnly
The cookie may not be sent with every response, so you may need to clear all of your cookies and then try again to make sure one is sent with the request you're monitoring.
Firebug - click on the Cookies tab
firecookie for firefox gives me the answer.
The easiest way to do it on Chrome or Firfox is as below:
- Open the page for instance
somedomain.com
- Open
dev
tools by right clicking on page and then clicking onInspect
orInspect Element
- Click on
Network
tab - Click on any of the actual request and go to
Headers
section - Now look for
set-cookie
inresponse headers
Here is the screenshot for details
add the following lines to your app String
sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure; HttpOnly");
精彩评论