
Is there any way to delete an HttpOnly cookie from C# Selenium tests?

I have a set of C# Selenium tests that need to delete a cookie that has the HttpOnly flag set.

Unfortunately the DefaultSelenium.GetCookie() and DefaultSelenium.DeleteCookie() commands aren't able to access the cookie, because it has that HttpOnly flag set. I've confirmed this by removing the flag by hand, and checking that subsequent calls to either of those methods are then happily able to manipulate the cookie in question.

Is there any other way to do this via the Selenium .NET client driver?

All ideas welcome!

Since I was unable to do this via the client driver, I had to find an alternative method. Fortunately, the web app under test has a selection of test pages that allow interaction with the session cookie (being the HttpOnly cookie I was trying to access) and so I was able to achieve my goal by automating those pages instead.

For anybody else that encounters this issue, there's a good SO answer here about how HttpOnly is burned into ASP.NET.

Additionally, this SO answer points out how HttpOnly can be manipulated via the app's web.config, with the caveat that it can only be turned on, not off.

Anybody willing to alter their application for testing purposes should check out this workaround, basically altering the Session_Start method in Global.asax to strip out the HttpOnly flag so that it is accessible to client script. This kind of workaround should only be used in a test environment however, as it opens the security hole that HttpOnly was introduced to close - namely an XSS vulnerability. Jeff Atwood wrote a good blog post about it here.
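
The Session_Start workaround described above, sketched as an added example that is not part of the original post or the linked answer. It is double-gated so the flag is only cleared in a Debug build whose web.config also opts in. The appSettings key `Test.ExposeSessionCookie` is a hypothetical name, and the code assumes the default session cookie name and that the session cookie is already queued on the response when Session_Start fires.

```csharp
// Global.asax.cs (added example; names marked "assumed" are not from the page)
using System;
using System.Configuration;
using System.Web;

public class Global : HttpApplication
{
    // Assumed appSettings key. Define it only in the test environment's web.config:
    //   <add key="Test.ExposeSessionCookie" value="true" />
    private const string TestSwitchKey = "Test.ExposeSessionCookie";

    // Default ASP.NET session cookie name. Adjust if <sessionState cookieName="..."> is set.
    private const string SessionCookieName = "ASP.NET_SessionId";

    protected void Session_Start(object sender, EventArgs e)
    {
#if DEBUG
        // Gate 1: this block is not compiled into Release builds at all.
        // Gate 2: the switch must be present and "true" in configuration.
        bool enabled;
        bool.TryParse(ConfigurationManager.AppSettings[TestSwitchKey], out enabled);
        if (!enabled)
        {
            return;
        }

        // Response.Cookies holds the cookies queued for this response.
        // Iterate AllKeys rather than indexing by a guessed name, because
        // Response.Cookies["missing"] silently creates an empty cookie.
        foreach (string name in Response.Cookies.AllKeys)
        {
            if (string.Equals(name, SessionCookieName, StringComparison.OrdinalIgnoreCase))
            {
                // Clears HttpOnly so client script can read and delete the cookie.
                // This removes the protection against script-based cookie theft,
                // which is why both gates above exist.
                Response.Cookies[name].HttpOnly = false;
            }
        }
#endif
    }
}
```

A deployment check that fails when the assumed `Test.ExposeSessionCookie` key appears in a production web.config is a useful companion to the compile-time gate.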
