javascript: Get the cookie from an HTTP request header

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/31688257/

Time: 2020-10-28 14:10:58  Source: igfitidea


javascript, http

Asked by Donato

On Google Chrome, when I look at the HTTP request headers under the "Network" tab using the chrome console, it provides me the following request headers:


Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:ASP.NET_SessionId=nlbupfbt32jda1tziep4p21r; .ASPXAUTH=8C94786DD4A3C03C5548973E04A76FF554F38D6EB74E0B006AB3C3F72684E94DC0469E28D22E4BBFA069B82B1CCFB4203627D998990C6C96897DDBB0F611809175D5F06F015604082481F0079AE48DAB7974F3D63242055BEC75F707C545666C67B7C9D9E53F7531020235881E9DA4F3C26FD02B0ED0971D02C64DFE96F67C745119F44BBC9E46DC2CEF61D639EA01B9
... more headers ...

What I am trying to get is the data under Cookie. I have tried document.cookie but it returns an empty string. How can I grab that cookie information?

Answer by Alex Booker

document.cookies returns nothing because the cookie is almost certainly marked with the HttpOnly attribute.

The presence of this attribute tells the browser to disallow access to the cookie value via document.cookie.

This is a security measure to prevent against session hijacking via cross-site scripting mostly.

Answer by symcbean

If the cookie was set with the http-only flag, you can't read it using JavaScript - this is a security measure to prevent session hijacking and should be set for any surrogate identifier including session cookies.

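The behaviour both answers describe, as an added example that is not part of the original question or answers: it parses Set-Cookie response headers, models which cookies a page script would see through document.cookie, and flags session cookies that lack HttpOnly. The header values, the `theme` and `legacy_sid` cookies, and all function names are constructed for illustration.

```javascript
// Constructed Set-Cookie response headers; values are placeholders.
// Assumption: the two ASP.NET cookies from the question carry HttpOnly.
const sampleSetCookie = [
  "ASP.NET_SessionId=PLACEHOLDER_SESSION; path=/; HttpOnly",
  ".ASPXAUTH=PLACEHOLDER_TICKET; path=/; secure; httponly; SameSite=Lax",
  "theme=dark; path=/",
  "legacy_sid=PLACEHOLDER_LEGACY; path=/", // hypothetical cookie missing HttpOnly
];

// Parse one Set-Cookie header into its name, value and security attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    switch (key.trim().toLowerCase()) { // attribute names are case-insensitive
      case "httponly": cookie.httpOnly = true; break;
      case "secure": cookie.secure = true; break;
      case "samesite": cookie.sameSite = val.trim(); break;
    }
  }
  return cookie;
}

// Model of what a page script reads: HttpOnly cookies are filtered out.
function documentCookieView(setCookieHeaders) {
  return setCookieHeaders.map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Audit: names of session cookies that a script could still read.
function auditSessionCookies(setCookieHeaders, sessionNames) {
  return setCookieHeaders.map(parseSetCookie)
    .filter((c) => sessionNames.includes(c.name) && !c.httpOnly)
    .map((c) => c.name);
}

console.log(JSON.stringify(documentCookieView(sampleSetCookie.slice(0, 2))));
console.log(auditSessionCookies(sampleSetCookie,
  ["ASP.NET_SessionId", ".ASPXAUTH", "legacy_sid"]));
```

The first call yields an empty string, matching what the asker saw, while the Cookie request header in the Network tab still carries both values because the browser attaches HttpOnly cookies to requests.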