
Secure Cookies in ASP.NET

I am still a little new to ASP.NET and am beginning to work with cookies. I have somewhat of an understanding of them and was wondering something about them.

This is in regard to securing cookies. I have httpOnlyCookies set to true as seen below.

<httpCookies httpOnlyCookies="true"/>

I noticed there was a Cookie.Secure property which I enabled as true. I did research on these two but am having trouble understanding the differences between the two. Can someone provide some direction on this? What would happen if I kept both set to true? What else can I do to secure cookies other than using SSL?

Many Thanks!

httpOnlyCookies=true is a site-wide web config setting that prevents client-side scripts from accessing the cookies. The cookie is still transmitted regardless of how secure the channel is, i.e. via both http and https.

Cookie.Secure tells the browser to only send the cookie if the channel is secure, i.e. https only.

So the former setting describes what can access the cookie. The latter configures its transmission security requirements.
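
To check which of the two protections each cookie actually carries, the following added example (not part of the original question or answer) audits Set-Cookie response header values for the HttpOnly and Secure attributes. The header lines are constructed sample data, and the cookie names `AuthToken`, `Theme` and `Tracking` are hypothetical.

```python
# Added example: audit Set-Cookie header values for the two flags discussed above.
# The header lines below are constructed sample data, not captured traffic.

SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",   # script-protected only
    "AuthToken=xyz789; path=/; secure; HttpOnly",   # both flags set
    "Theme=dark; path=/",                           # neither flag set
    "Tracking=1; Path=/; Secure",                   # transport-protected only
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(header_value):
    """Return (cookie name, list of exposures left open by missing flags)."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        # Without HttpOnly, client-side script can read the cookie.
        findings.append("readable by client-side script (no HttpOnly)")
    if "secure" not in attrs:
        # Without Secure, the browser also sends the cookie over plain http.
        findings.append("sent over plain http (no Secure)")
    return name, findings


def audit_all(headers):
    """Audit every header value and map cookie name to its findings."""
    return dict(audit(h) for h in headers)


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS).items():
        print(name, "->", "; ".join(findings) or "both flags set")
```

Only a cookie that carries both attributes comes back with an empty findings list, which is the result of keeping both settings true.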
