安全cookie问题:饼干只是偶尔安全 [英] Secure Cookie Issue: Cookies only secure sometimes
问题描述
我想,以确保从我的ASP.NET应用程序返回的cookie。
我设置requireSSL =真我的web.config,但它看起来像饼干只是有时固定。我会在Firebug或Chrome开发工具查询请求和cookie将是安全的,有时(它看起来像它通常是我第一次访问该页面,但它们不是安全的后续访问)。
屏幕的Chrome浏览器开发工具的镜头: http://i.imgur.com/jII0KDI.png
有没有人有一个想法,为什么这可能发生?
感谢您的帮助!
web.config设置
<&的System.Web GT;
< httpCookies httpOnlyCookies =真正的requireSSL =真/>
< /system.web>
这可以很好地工作。
Chrome的开发工具只显示标记为只允许HTTP和响应,而不是请求安全饼干,让您的设置可能会工作。这似乎是它可以在Chrome的开发工具或者说,它是只显示什么是在请求(事实上,他们是安全的或HTTP只有在实际的HTTP请求未标明规定,只有值被发送到一个bug服务器)。无论哪种方式,我认为它应该显示 N / A 在这些列表明他们并不适用于HTTP请求。
要验证您的Cookie已正确设置你可以试试编辑此cookie 扩展。这将指示每个Cookie是否具有安全或 HTTP只有属性的应用。
I am trying to secure the cookies returned from my ASP.NET application.
I set requireSSL="true" my web.config but it looks like the cookies are only secure sometimes. I will check the request in Firebug or Chrome dev tools and the cookie will be secure sometimes (it look like it is usually the first time I visit the page but subsequent visits they are not secure).
Screen shot of Chrome dev tools: http://i.imgur.com/jII0KDI.png
Does anyone have an idea why this might be happening?
Thanks for the help!
Web.Config Settings
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>
It could well be working.
Chrome dev tools only show cookies marked as HTTP Only and Secure in the Response and not the Request, so your setup might be working. It seems like it could be a bug in Chrome dev tools or that it is only showing what is provided in the request (the fact that they are secure or HTTP only is not indicated in an actual HTTP request, only the value is sent to the server). Either way I think it should show N/A in these columns to show that they do not apply to HTTP requests.
To verify that your cookie has been set correctly you could try the Edit This Cookie extension. This will indicate for each cookie whether it has the Secure or HTTP Only attributes applied.
这篇关于安全cookie问题:饼干只是偶尔安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
![http://i.imgur.com/jII0KDI.png](\"http://i.imgur.com/jII0KDI.png\"){kind=link}
