[英]how to read HttpOnly cookies using JavaScript?
I already tried document.cookie
and it didn't work.我已经尝试过
document.cookie
但它没有用。 I tried researching but I couldn't find a solution.我尝试研究但找不到解决方案。
You can't - thats the whole point of HttpOnly
你不能 - 这就是
HttpOnly
的全部意义
A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API;
JavaScript Document.cookie API 无法访问带有HttpOnly属性的cookie; it is sent only to the server.
它仅发送到服务器。 For example, cookies that persist server-side sessions don't need to be available to JavaScript, and should have the HttpOnly attribute.
例如,保持服务器端会话的 cookies 不需要对 JavaScript 可用,并且应该具有 HttpOnly 属性。 This precaution helps mitigate cross-site scripting (XSS) attacks
此预防措施有助于缓解跨站点脚本 (XSS) 攻击
Info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies信息: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
If your cookie does not contain sensitive info (such as a server-side session) then it should not be marked HttpOnly
!如果您的 cookie 不包含敏感信息(例如服务器端会话),则不应将其标记为
HttpOnly
!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.