简体繁体 English

如何识别cookie来自客户端还是服务器端？

[英]how to identify a cookie is from client-side or server-side?

原文 2012-04-11 06:25:56 8 2 javascript/ asp.net/ .net/ cookies

how does the browser differentiate a cookie is from client-side created (JavaScript) or server-side created (ASP.NET).浏览器如何区分 cookie 是客户端创建的 (JavaScript) 还是服务器端创建的 (ASP.NET)。 Is it possible to delete cookie created from server side in client side and vice versa, I'm struggling to delete a cookie was created from client-side using javascript in ASP.NET code-behind.是否可以在客户端删除从服务器端创建的 cookie，反之亦然，我正在努力删除使用 ASP.NET 代码隐藏中的 javascript 从客户端创建的 cookie。

2 个解决方案

how does the browser differentiate a cookie is from Client side(javascript created) or serverside created (Asp.net).浏览器如何区分 cookie 是来自客户端（javascript 创建的）还是服务器端创建的（Asp.net）。

It doesn't.它没有。 A cookie is a cookie.饼干就是饼干。

The closest it comes is the HTTP Only flag, which allows a cookie to be hidden from JavaScript. (This provides a little defence against XSS cookie theft).最接近的是HTTP Only标志，它允许对 JavaScript 隐藏 cookie。（这提供了一点防御 XSS cookie 窃取的能力）。

it is possible to delete cookie created from server side in client side and vice versa可以在客户端删除从服务器端创建的 cookie，反之亦然

Yes.是的。 A cookie is a cookie.饼干就是饼干。 (Again, client side code can't touch an HTTP only cookie) （同样，客户端代码不能触及 HTTP only cookie）

As far as I know it is possible if there is not property HttpOnly ^owasp ^wikipedia .据我所知，如果没有属性HttpOnly ^owasp ^wikipedia是可能的。

In chrome, for the cookies, there is a field - Accessible by script , which indicates if HttpOnly is set.在 chrome 中，对于 cookies，有一个字段 - Accessible by script ，指示是否设置了 HttpOnly。