HttpCookie.HttpOnly属性使用MVC，如何设置为False？ [英] HttpCookie.HttpOnly Property using MVC, how to set as False ?

问题描述

您好，（不确定这是否是发布的正确位置）

当我们运行安全扫描时我们的网站收到错误消息"会话Cookie不包含"安全"消息属性" （这可能允许中间人攻击）

屏幕截图：https：//www.screencast.com/t/1cEiBQ1Zelb

以下是使用Cookie工具时的外观。  https://www.screencast.com/t/KXZxfflN 

它显示cookie只允许超过http但我们需要它超过httpS

在我的搜索中，我找到了如何在代码中设置它的声明...与MSDN上一样，https：//msdn.microsoft.com/en-us/library/system.web.httpcookie.httponly(v = vs.110 ）.aspx ...

但我的开发人员告诉我"该链接不起作用。它仅适用于webforms。我们
正在使用  mvc"



那么在使用MVC时如何解决这个问题？

谢谢你
Shane Weddle

解决方案

嗨襁褓，

欢迎来到MSDN论坛。

此论坛正在讨论Visual Studio WPF / SL Designer，Visual Studio Guidance Automation Toolkit，开发人员文档和帮助系统以及Visual Studio
编辑器。

根据您的描述，您的问题与MVC有关，我建议您可以将新帖子重新发布到以下论坛以获得专业答案。

https://forums.asp.net/1146.aspx/1?MVC

感谢您的理解。

问候，

Judyzh

Hello, (Not sure if this is the right place to post)

When we run a security scan on our site we get an error of "Session Cookie Does Not Contain the "Secure" Attribute" ( This could allow a man-in-the-middle attack)
Screen Shot: https://www.screencast.com/t/1cEiBQ1Zelb

Here is how it looks when using a cookie tool.. https://www.screencast.com/t/KXZxfflN 

It shows the cookie as only allowing over http but we need it over httpS

In my searching I find statements of how its to be set in code... such as on MSDN https://msdn.microsoft.com/en-us/library/system.web.httpcookie.httponly(v=vs.110).aspx ...
But my developer tells me "That link won't work. It is only applicable to webforms. We are using mvc"

So how to fix this this when using MVC?

Thanks
Shane Weddle

解决方案

Hi swaddle,

Welcome to the MSDN forum.

This forum is discussing Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, and Visual Studio Editor.

According to your description, your issue is related to MVC, I suggest you could repost a new thread to the following forum for a professional answer.

https://forums.asp.net/1146.aspx/1?MVC

Thanks for your understanding.

Regards,

Judyzh

这篇关于HttpCookie.HttpOnly属性使用MVC，如何设置为False？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！