javascript 无法从 JS 中的 document.cookie 访问 cookie,但浏览器显示 cookie 存在
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17508027/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can't access cookies from document.cookie in JS, but browser shows cookies exist
提问by PeeHaa
I can't access any cookie from JavaScript. I need to read some value and send them via JSON for my custom checks.
我无法从 JavaScript 访问任何 cookie。我需要读取一些值并通过 JSON 发送它们以进行我的自定义检查。
I've tried to access cookies from JS, like it was described at:
我尝试从 JS 访问 cookie,就像在以下位置描述的那样:
As you can see at the code, it's seen as clear as a crystal the next:
正如您在代码中看到的那样,接下来它看起来像水晶一样清晰:
var c_value = document.cookie;
When I'm trying to access the document.cookievalue from the Chrome's web-debugger, I see only the empty string at the Watch expressions:
当我尝试document.cookie从 Chrome 的网络调试器访问值时,我在Watch 表达式中只看到空字符串:
So I can't read cookies value, which I need.
所以我无法读取我需要的 cookie 值。
I've checked the cookie name, which I'm sending to get an associated value IS correct. Also, I'm using the W3Schoolssource code for getting cookies, if you're interested (but from the 2nd link, the technique is similar).
我检查了 cookie 名称,我发送该名称以获取相关值是正确的。另外,如果您有兴趣,我正在使用W3Schools源代码来获取 cookie(但从第二个链接来看,该技术是类似的)。
How can I fix my issue?
我该如何解决我的问题?
Thanks!
谢谢!
回答by PeeHaa
You are most likely dealing with httponlycookies. httponlyis a flag you can set on cookies meaning they can not be accessed by JavaScript. This is to prevent malicious scripts stealing cookies with sensitive data or even entire sessions.
您很可能正在处理httponlycookie。httponly是您可以在 cookie 上设置的标志,这意味着它们不能被 JavaScript 访问。这是为了防止恶意脚本窃取带有敏感数据甚至整个会话的 cookie。
So you either have to disable the httponlyflag or you need to find another way to get the data to your javascript.
因此,您要么必须禁用该httponly标志,要么需要找到另一种方法将数据发送到您的 javascript。
By looking at your code it should be easy to disable the http only flag:
通过查看您的代码,禁用 http only 标志应该很容易:
Response.AddHeader("Set-Cookie", "CookieName=CookieValue; path=/;");
Response.SetCookie(new HttpCookie("session-id") { Value = Guid.NewGuid().ToString(), HttpOnly = false });
Response.SetCookie(new HttpCookie("user-name") { Value = data.Login, HttpOnly = false });
Now you should be able to access the cookie information from JavaScript. However I don't know exactly what kind of data you are trying to get so maybe you can go for another approach instead and for example render some data attribute on the page with the information you need instead of trying to read the cookie:
现在您应该能够从 JavaScript 访问 cookie 信息。但是,我不知道您想要获取什么样的数据,所以也许您可以采用另一种方法,例如使用您需要的信息在页面上呈现一些数据属性,而不是尝试读取 cookie:
<div id="example" data-info="whatever data you are trying to retrieve"></div>
console.log(document.getElementById('example').getAttribute('data-info'));
回答by Tenzin Palber
I would say http only is your first culprit but this can also occur by not setting the scope of your cookie.
我会说 http only 是您的第一个罪魁祸首,但这也可能通过不设置 cookie 的范围而发生。
If the site has been redirected from another domain, you will need to look into setting the scope of the cookie. Domain and Path defines the scope of the cookie, which URLs the cookie should be sent to. Depending on this, you might not see the cookie in your response.
如果该站点已从另一个域重定向,则您需要考虑设置 cookie 的范围。Domain 和 Path 定义了 cookie 的范围,cookie 应该发送到哪些 URL。根据这一点,您可能不会在响应中看到 cookie。
I ran across this issue when setting a cookie on a successful SAML SSO login and couldn't retrieve the cookie from the Document because it was never send as part of the request.
我在成功的 SAML SSO 登录上设置 cookie 时遇到了这个问题,但无法从文档中检索 cookie,因为它从未作为请求的一部分发送。
回答by ejaenv
keep an eye also to the cookie's Path attribute, as the cookie is only visible to subdirectories under Path. I had your issue and I solved setting Path "/"
还要注意 cookie 的 Path 属性,因为 cookie 只对 Path 下的子目录可见。我遇到了你的问题,我解决了设置路径“/”
回答by Manas
If you are using some secure authentication then that case you could not access cookies directly because of secure. you have to change some response attribute in server side using below code .
如果您正在使用一些安全身份验证,那么由于安全原因,您无法直接访问 cookie。您必须使用以下代码更改服务器端的某些响应属性。
Response.AddHeader("Set-Cookie", "CookieName=CookieValue; path=/;"); Response.SetCookie(new HttpCookie("session-id") { Value = Guid.NewGuid().ToString(), HttpOnly = false }); Response.SetCookie(new HttpCookie("user-name") { Value = data.Login, HttpOnly = false });
Response.AddHeader("Set-Cookie", "CookieName=CookieValue; path=/;"); Response.SetCookie(new HttpCookie("session-id") { Value = Guid.NewGuid().ToString(), HttpOnly = false }); Response.SetCookie(new HttpCookie("user-name") { Value = data.Login, HttpOnly = false });
But you should not because it may change secure to un-secure, so you have to find out solution that be done in server side to delete cookies and allow to you do some operations.
但是你不应该因为它可能会改变安全到不安全,所以你必须找到在服务器端完成的解决方案来删除cookie并允许你做一些操作。
Its possible to do changes in server side.
可以在服务器端进行更改。
回答by Dunken
If your cookie is set as Set-Cookieor Set-Cookie2it's not part of the response headers collection: http://www.w3.org/TR/XMLHttpRequest/#the-getallresponseheaders%28%29-method
如果您的 cookie 设置为Set-Cookie或Set-Cookie2不是响应标头集合的一部分:http: //www.w3.org/TR/XMLHttpRequest/#the-getallresponseheaders%28%29-method
Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2.
返回响应中的所有标头,但字段名称为 Set-Cookie 或 Set-Cookie2 的标头除外。
