我如何测试httpOnly cookie标志 [英] how do I test httpOnly cookie flag

问题描述

我已在Websphere中为jsession cookie设置了以下属性 com.ibm.ws.webcontainer.HTTPOnlyCookies.

I have set the following property in websphere for the jsession cookie com.ibm.ws.webcontainer.HTTPOnlyCookies.

有什么想法如何最好地在Firefox或IE中使用JavaScript进行测试?

Any idea how best to test this using JavaScript in Firefox or IE?

推荐答案

在IE中这很痛苦.我有IE9，所以您的屏幕可能有所不同.

It's a pain in IE. I have IE9 so your screens may be different.

按F12，转到网络"选项卡，然后按开始捕获".返回IE，然后打开要查看的页面.返回F12窗口，您将看到所有单独的HTTP请求，选择要检查其Cookie的页面或资产，然后双击它.然后，您应该能够在其相关标签上看到所有响应标题和cookie.

Press F12, go to the network tab, and then press Start Capturing. Back in IE then open the page you want to view. Back in the F12 window you show see all the individual HTTP requests, select the one that's the page or asset you're checking the cookies on and double click on it. You should then be able to see all the response headers and cookies on their relevant tabs.

一个HttpOnly Cookie看起来像这样:

A HttpOnly Cookie would look something like this:

Set-Cookie:SessionId = z5ymkk45aworjo2l31tlhqqv;路径=/; HttpOnly

Set-Cookie: SessionId=z5ymkk45aworjo2l31tlhqqv; path=/; HttpOnly

该cookie可能不会随每个响应一起发送，因此您可能需要清除所有cookie，然后再次尝试确保已随您正在监视的请求一起发送cookie.

The cookie may not be sent with every response, so you may need to clear all of your cookies and then try again to make sure one is sent with the request you're monitoring.

这篇关于我如何测试httpOnly cookie标志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！