javascript 如何从浏览器的 cookie 存储中删除 sessionid
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10328201/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to delete the sessionid from browser's cookie store
提问by SKing7
I want to logout my web App in browser when click the logout button.And want to implement it just with js code.So,there's no logout servlet. That means,i need to delete the sessionid which is used now and stored in browser memory,but how can I do the same?
我想在单击注销按钮时在浏览器中注销我的 Web 应用程序。并且想仅使用 js 代码来实现它。所以,没有注销 servlet。这意味着,我需要删除现在使用并存储在浏览器内存中的 sessionid,但我该怎么做呢?
回答by Ramesh
All your session cookies should be httpOnly for security reasons. This would ensure the cookies are not accessible in javascript and would reduce the risk in case of XSS attach. Which also means that the cookie cannot be just cleared at client side.
When the user clicks logout, you may be interested in clearing the server side resources. At least for that you should be hitting the server.
出于安全原因,您的所有会话 cookie 都应该是 httpOnly。这将确保 cookie 无法在 javascript 中访问,并在 XSS 附加的情况下降低风险。这也意味着不能在客户端清除 cookie。
当用户点击注销时,您可能有兴趣清除服务器端资源。至少为此,您应该访问服务器。
With the above being said. I would recommend you make an AJAX call to your servlet and which can clear your cookie as well as free up server side resources allocated for that session.
综上所述。我建议您对 servlet 进行 AJAX 调用,这可以清除 cookie 并释放为该会话分配的服务器端资源。
If you are still not convinced and have to clear the cookie using javascript please refer to SO question delete cookies using javascript
如果您仍然不相信并且必须使用 javascript 清除 cookie,请参阅 SO 问题使用 javascript 删除 cookie
