Get the cookie from an HTTP request header
On Google Chrome, when I look at the HTTP request headers under the "Network" tab using the Chrome console, it provides me the following request headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:ASP.NET_SessionId=nlbupfbt32jda1tziep4p21r; .ASPXAUTH=8C94786DD4A3C03C5548973E04A76FF554F38D6EB74E0B006AB3C3F72684E94DC0469E28D22E4BBFA069B82B1CCFB4203627D998990C6C96897DDBB0F611809175D5F06F015604082481F0079AE48DAB7974F3D63242055BEC75F707C545666C67B7C9D9E53F7531020235881E9DA4F3C26FD02B0ED0971D02C64DFE96F67C745119F44BBC9E46DC2CEF61D639EA01B9
... more headers ...
What I am trying to get is the data under Cookie. I have tried document.cookie but it returns an empty string. How can I grab that cookie information?
document.cookies returns nothing because the cookie is almost certainly marked with the HttpOnly attribute. The presence of this attribute tells the browser to disallow access to the cookie value via document.cookie. This is a security measure, mostly to prevent session hijacking via cross-site scripting.
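If the cookie was set with the HTTP-only flag, it cannot be read using JavaScript - this is a security measure to prevent session hijacking, and it should be set for any surrogate identifier, including session cookies.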
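Added example (not part of the question or either answer): a small JavaScript model of the behaviour both answers describe, where HttpOnly cookies are still sent in the Cookie request header but are left out of document.cookie. The function names and cookie values are constructed for illustration, and the model ignores Domain, Path, expiry and Secure matching.

```javascript
// Added example. Simplified model: one origin, no Domain/Path/Expires/Secure matching.
// Parse one Set-Cookie response header line into { name, value, attrs }.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // malformed or nameless cookie: skipped in this model
  const attrs = {};
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    // Attribute names are case-insensitive (HttpOnly, httponly, HTTPONLY).
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

const jar = (lines) => lines.map(parseSetCookie).filter(Boolean);
const render = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join('; ');

// What the browser sends back in the Cookie request header: every stored cookie.
function cookieRequestHeader(lines) {
  return render(jar(lines));
}

// What script sees through document.cookie: HttpOnly cookies are left out.
function documentCookie(lines) {
  return render(jar(lines).filter((c) => !c.attrs.httponly));
}

// Defender's check: names of cookies that page script (including injected script) can read.
function missingHttpOnly(lines) {
  return jar(lines).filter((c) => !c.attrs.httponly).map((c) => c.name);
}

// Constructed sample headers; names follow the question, values are placeholders.
const AS_IN_QUESTION = [
  'ASP.NET_SessionId=constructed-session-id; path=/; HttpOnly',
  '.ASPXAUTH=CONSTRUCTED-TICKET; path=/; httponly',
];
const MISCONFIGURED = [
  'ASP.NET_SessionId=constructed-session-id; path=/; HttpOnly',
  '.ASPXAUTH=CONSTRUCTED-TICKET; path=/',
];

console.log(JSON.stringify(documentCookie(AS_IN_QUESTION))); // empty string, as the asker saw
console.log(cookieRequestHeader(AS_IN_QUESTION));            // both cookies still go to the server
console.log(missingHttpOnly(MISCONFIGURED));                 // the auth ticket is script-readable
```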