如果 Web.Config 保护所有 cookies,我怎么不能在 Asp.Net 中保护一个 cookies?
[英]How can I not secure one cookies in Asp.Net if Web.Config secure all cookies?
问题描述
If the Web.config has this setting:
如果 Web.config 有这个设置:
<httpCookies httpOnlyCookies="true" requireSSL="true" />
All the cookies are now with Secure and HttpOnly flag, but what if I do need one cookie to be not secured so that I can pass something to the client for its javascript to read the data within it?现在所有的 cookies 都带有 Secure 和 HttpOnly 标志,但是如果我确实需要一个不安全的 cookie 以便我可以将某些东西传递给客户端,以便其 javascript 读取其中的数据,该怎么办? How can I make this cookie not with Secure and HttpOnly flag?如何使这个 cookie 不带有 Secure 和 HttpOnly 标志?
I need this data to be available for any page, is there a way other than cookie?我需要这些数据可用于任何页面,除了 cookie 之外还有其他方法吗?
Thanks,谢谢,
1 个解决方案
解决方案1
0 已采纳 2020-08-15 14:47:04
It turned out that the setting in your code take over the setting in Web.Config.事实证明,您的代码中的设置接管了 Web.Config 中的设置。 Only cookies that have not been specified with Secure and HttpOnly then will be affected by the setting in Web.Config.只有没有使用 Secure 和 HttpOnly 指定的 cookies 会受 Web.Config 中的设置影响。
The example code:示例代码:
filterContext.HttpContext.Response.Cookies.Add(new HttpCookie("mycookie", "mycookievalue") {
Secure = false,HttpOnly = false
});
So "mycookie" will not be secured regardless what is the setting in Web.Config因此,无论 Web.Config 中的设置是什么,都不会保护“mycookie”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.