document.cookie 没有返回所有的 cookie [英] document.cookie is not returning all the cookies

问题描述

我正在尝试使用 document.cookie 读取我的域设置的所有 cookie，我注意到的是，它只返回 csrftoken 和另一个值.我的目标是从 cookie 中读取 sessionid

I am trying to read all the cookies set by my domain using document.cookie what I have noticed is, it returns only csrftoken and another value. My goal is to read the sessionid from the cookie

请看下面的截图，它显示了我本地机器上设置的 cookie

please see the below screenshot that shows the cookies set on my local machine

这是document.cookie

推荐答案

_rbt_login_message 和 sessionid 可能是 HTTP-only cookie，这意味着它们只能被服务器读取当它处理页面请求时，而不是通过任何客户端 JavaScript 代码.

_rbt_login_message and sessionid are likely HTTP-only cookies, meaning they can be read only by the server when it's handling a page request, and not by any client-side JavaScript code.

这通常用于会话识别 cookie，因为您(作为开发人员)不希望客户端代码(可以相对容易地被恶意第三方注入)能够窃取一个会话的用户.

This is usually done for session identifying cookies, since you (as a developer) don't want client-side code (which can be injected by a malicious third-party relatively easily) to be able to steal the session of one of your users.

这篇关于document.cookie 没有返回所有的 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！