.NET中的Cookie设置HttpOnly,可以防止JS获取Cookie的值
2013-03-25 09:54
489 查看
HttpCookie myHttpCookie =
new HttpCookie("LastVisit",
DateTime.Now.ToString());
myHttpCookie.Name = "MyHttpCookie";
//中文编码,防止js获取的Cookie值是乱码,编码之后再解码就不会出现乱码,当然在实际中使用的时候是不需要编码的
//因为我们就是为了防止js获取Cookie的值,当然在低版本的IE(IE6以下)还是可以取得
myHttpCookie.Value = HttpUtility.UrlEncode("默认值");
Response.AppendCookie(myHttpCookie);
Response.Write(string.Format("{0}={1}", myHttpCookie.Name,
HttpUtility.UrlDecode(myHttpCookie.Value)));
//HttpOnly的Cookie
HttpCookie myHttpOnlyCookie =
new HttpCookie("LastVisit",
DateTime.Now.ToString());
myHttpOnlyCookie.HttpOnly = true;
myHttpOnlyCookie.Name = "MyHttpOnlyCookie";
myHttpOnlyCookie.Value = "Only值";
Response.AppendCookie(myHttpOnlyCookie);
Response.Write(string.Format("{0}={1}", myHttpOnlyCookie.Name, myHttpOnlyCookie.Value));
Js获取Cookie的值,看是否可以获取到,测试
function getCookie(name){
var arr = document.cookie.match(new RegExp("(^| )"+name+"=([^;]*)(;|$)"));
if(arr !=
null) return decodeURI(arr[2]);
return null;
}
alert(getCookie("MyHttpCookie"));//默认值
alert(getCookie("MyHttpOnlyCookie"));//null
// alert(document.cookie);
或直接在地址栏输入:javascript:alert(document.cookie);
new HttpCookie("LastVisit",
DateTime.Now.ToString());
myHttpCookie.Name = "MyHttpCookie";
//中文编码,防止js获取的Cookie值是乱码,编码之后再解码就不会出现乱码,当然在实际中使用的时候是不需要编码的
//因为我们就是为了防止js获取Cookie的值,当然在低版本的IE(IE6以下)还是可以取得
myHttpCookie.Value = HttpUtility.UrlEncode("默认值");
Response.AppendCookie(myHttpCookie);
Response.Write(string.Format("{0}={1}", myHttpCookie.Name,
HttpUtility.UrlDecode(myHttpCookie.Value)));
//HttpOnly的Cookie
HttpCookie myHttpOnlyCookie =
new HttpCookie("LastVisit",
DateTime.Now.ToString());
myHttpOnlyCookie.HttpOnly = true;
myHttpOnlyCookie.Name = "MyHttpOnlyCookie";
myHttpOnlyCookie.Value = "Only值";
Response.AppendCookie(myHttpOnlyCookie);
Response.Write(string.Format("{0}={1}", myHttpOnlyCookie.Name, myHttpOnlyCookie.Value));
Js获取Cookie的值,看是否可以获取到,测试
function getCookie(name){
var arr = document.cookie.match(new RegExp("(^| )"+name+"=([^;]*)(;|$)"));
if(arr !=
null) return decodeURI(arr[2]);
return null;
}
alert(getCookie("MyHttpCookie"));//默认值
alert(getCookie("MyHttpOnlyCookie"));//null
// alert(document.cookie);
或直接在地址栏输入:javascript:alert(document.cookie);
相关文章推荐
- .net 获取浏览器Cookie(包括HttpOnly)实例分享
- .net 获取浏览器Cookie(包括HttpOnly)实例分享
- .net 获取浏览器Cookie(包括HttpOnly)
- 设置HttponlyCookie解决mshtml编程无法获取验证码图片流
- Cookie设置HttpOnly属性,防止前端脚本更改cookie的XSS攻击
- .net 获取浏览器Cookie(包括HttpOnly)实例分享
- PHP设置Cookie的HTTPONLY属性
- C# mvc js cookie 接收手机验证码并防止页面刷新后重复获取验证码
- httpclient4.5获取和设置cookie
- 关于属性HTTPONLY的COOKIE的获取
- httpclient4.5获取和设置cookie
- cookie设置HttpOnly
- js -- 设置、获取、删除cookie
- js设置、获取单值cookie和多值cookie
- 原生js设置,获取,删除cookie demo
- Java Servlet 2.5 设置 cookie httponly
- cas用httpclient登录,并获取ticket,可以很方便扩展,如果要ajax登录可以基于这个接口,在resp种植castgc的cookie到浏览器
- jsp设置cookie的HTTPOnly属性
- PHP设置Cookie的HTTPONLY属性
- php设置cookie,在js中如何获取