为什么document.cookie不显示网站的所有cookie? [英] Why doesn't document.cookie show all the cookie for the site?
问题描述
我去一个使用vBulletin 3.8的论坛。当我登录时,我使用firebug来查看cookie是什么设置的。我看到这些Cookie:
I go to a forum which uses vBulletin 3.8. When I log in, I use firebug to see what cookies were set. I see these cookies:
__ utmb,__utmc,__utma,__utmz,bbsessionhash,vbseo_loggedin,bbpassword,bbuserid,bblastactivity,bblastvisit
__utmb, __utmc, __utma, __utmz, bbsessionhash, vbseo_loggedin, bbpassword, bbuserid, bblastactivity, bblastvisit
它们都有一个值集,并且域是相同的。
They all had a value set, and the domain was identical.
但是当我使用JavaScript来查看它们时,它只能看到这些cookie:
But when I use JavaScript to view them, it only saw these cookies:
__ utmb,__utmc,__utma,__utmz,vbseo_loggedin,bblastactivity,bblastvisit
__utmb, __utmc, __utma, __utmz, vbseo_loggedin, bblastactivity, bblastvisit
在firebug中,我只看到这三个cookie:bbsessionhash, bbpasword和bbuserid,实际设置。 HTTPOnly在列HTTPOnly中。这是什么意思,这是我不能看到这些cookie使用 document.cookie
?
In firebug, I only see these three cookies: bbsessionhash, bbpasword and bbuserid, that were actually set. HTTPOnly in column HTTPOnly. What does it mean and is that the reason I can't see those cookies in JavaScript using document.cookie
?
推荐答案
从 http://en.wikipedia.org/ wiki / HTTP_cookie :
Cookie不能直接显示给
客户端程序,如
JavaScript,如果他们已经发送
HttpOnly标志。从服务器的
视图来看,关于正常
情况的唯一的
区别是set-cookie头
行被添加了一个包含$ b的新字段$ b字符串`HttpOnly':
Cookies are not directly visible to client-side programs such as JavaScript if they have been sent with the HttpOnly flag. From the point of view of the server, the only difference with respect of the normal case is that the set-cookie header line is added a new field containing the string `HttpOnly':
Set-Cookie:RMID = 732423sdfs73242; expires = Fri,2010年12月31日23:59:59 GMT; path = /; domain = .example.net; HttpOnly
当浏览器收到这样的
cookie时,应该使用
HTTP交换,
,但不能让
客户端脚本可见。
HttpOnly
标志不是任何
标准的一部分,并且不会在所有浏览器的
中实现。
When the browser receives such a
cookie, it is supposed to use it as
usual in the following HTTP exchanges,
but not to make it visible to
client-side scripts. The
HttpOnly
flag is not part of any
standard, and is not implemented in
all browsers.
这篇关于为什么document.cookie不显示网站的所有cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!