HttponlyCookie set in asp.net 2.0 web.config not working


Problem description


I have a client who contacted me to set HttpOnly for cookies created by their web site. They have been warned by their credit card processor that their site fails a PCI scan.


Initially I was told the site was running Classic ASP so I tried setting the HttpOnly flag in their code by appending '; HttpOnly' to the end of Cookies.Path. That didn't work.


After some investigation I determined that their site is actually running ASP.NET 2.0 which I think should make the solution a lot easier. So I made this change to web.config:

<configuration>
    <system.web>
        <httpCookies httpOnlyCookies="true" />
    </system.web>
</configuration>



After making this change, I loaded up Firefox, cleared all Domain, Path and Session cookies, then browsed the client's web site. 11 cookies are created by just visiting their home page. Viewing cookie information in Firefox shows that HttpOnly is NO on every cookie.


Just in case, I stopped and started the web site (not W3SVC). This made no difference.


Am I doing something wrong or is there something else that also needs to be done to enable the HttpOnly attribute on cookies? Yes, I've read other posts here regarding this problem, but they all seem clear enough as to what to do. Thought maybe someone might know what could be the problem.


Thanks!

Recommended answer

Please post your question @ http://forums.asp.net/18.aspx/1?Web+Forms forum for asp.net specific question.
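
A way to check the result described in the question from the response headers instead of the browser's cookie viewer, as an added example that is not part of the original thread: it separates cookies the server sent without HttpOnly from cookies that never appeared in a Set-Cookie header (for example ones created by page script through document.cookie, which cannot be HttpOnly). The header values and cookie names are constructed sample data, and the function names are hypothetical.

```python
"""Audit which cookies left in the browser after a page load carry HttpOnly.

All sample data below is constructed for illustration.
"""


def parse_set_cookie(header_value):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(set_cookie_headers, browser_cookie_names):
    """Classify every cookie name the browser lists.

    'httponly'        the server sent it with the HttpOnly attribute
    'server-no-flag'  the server sent it without HttpOnly
    'not-from-server' no captured Set-Cookie header created it
    """
    from_server = {}
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        # A later header for the same name replaces the earlier one.
        from_server[name] = "httponly" in attrs
    report = {}
    for name in browser_cookie_names:
        if name not in from_server:
            report[name] = "not-from-server"
        else:
            report[name] = "httponly" if from_server[name] else "server-no-flag"
    return report


# Constructed sample: Set-Cookie values captured from one page load.
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "legacy_pref=1; path=/",
    "lang=en; expires=Wed, 01 Jan 2030 00:00:00 GMT; path=/",
]
# Constructed sample: cookie names the browser shows afterwards.
SAMPLE_BROWSER = ["ASP.NET_SessionId", "legacy_pref", "lang", "tracker_id"]

if __name__ == "__main__":
    for cookie, status in audit(SAMPLE_HEADERS, SAMPLE_BROWSER).items():
        print(f"{cookie:20} {status}")
```

Cookies reported as 'server-no-flag' point at the server code or component that issues them; cookies reported as 'not-from-server' have to be traced to whatever created them on the client.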

