在 Windows Phone 上保留 HTTPOnly cookie [英] Preserving HTTPOnly cookies on Windows Phone

问题描述

我有一个应用程序，它通过 HTTPS 向 API 发送用户名和密码.API 返回 HTTPOnly cookie.

I have an app that sends a username and password to an API via HTTPS. The API returns HTTPOnly cookies.

这意味着 cookie 对代码不可见"，但仍然存在，并将在后续请求中发送到服务器.

This means that the cookies are "invisible" to the code, but still exist and will be sent to the server in subsequent requests.

Set-Cookie 标头从 HttpWebResponse.Headers 中剥离，并且 cookie 没有出现在 HttpWebResponse.Cookie 或HttpWebRequest.CookieContainer.但是，如果使用相同的 HttpWebRequest.CookieContainer 发出后续请求，它们将被发送到服务器，但代码无法访问它们.

The Set-Cookie header is stripped from the HttpWebResponse.Headers and the cookie does not appear in the HttpWebResponse.Cookies or the HttpWebRequest.CookieContainer. However, if a subsequent request is made using that same HttpWebRequest.CookieContainer they are sent to the server, but they are inaccessible to the code.

据我所知，这使得它们无法以任何方式序列化或保存.似乎唯一的方法就是缓存实际的用户名和密码，然后每次都重新登录.

As far as I can tell, this makes them impossible to serialize or preserve in any way. It seems the only way to make this work will be to cache the actual username and password and login again every time.

有什么我遗漏的吗?

推荐答案

您必须使用反射来查看存储在 cookie 容器中的 Cookie.

You'll have to use reflection to take a look at the Cookies stored in the cookie container.

使用这样的东西来看看你有什么，然后你可以尝试子类化以获得对你想要的数据的访问，或者通过将cookie存储在内存中，从容器中删除它的过程，然后将其添加为普通 cookie

Use something like this to have a look at what you have, then you can either try to subclass to gain access to the data you want or go through the process of storing the cookie in memory, deleting it from the container, then adding it as a normal cookie

    public List<Cookie> GetAllCookies(CookieContainer cc)
    {
        List<Cookie> lstCookies = new List<Cookie>();

        Hashtable table = (Hashtable)cc.GetType().InvokeMember("m_domainTable", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.GetField | System.Reflection.BindingFlags.Instance, null, cc, new object[] { });

        foreach (var pathList in table.Values)
        {
            SortedList lstCookieCol = (SortedList)pathList.GetType().InvokeMember("m_list", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.GetField | System.Reflection.BindingFlags.Instance, null, pathList, new object[] { });
            foreach (CookieCollection colCookies in lstCookieCol.Values)
                foreach (Cookie c in colCookies) lstCookies.Add(c);
        }

        return lstCookies;
    }
    public string ShowAllCookies(CookieContainer cc)
    {
        StringBuilder sb = new StringBuilder();
        List<Cookie> lstCookies = GetAllCookies(cc);
        sb.AppendLine("=========================================================== ");
        sb.AppendLine(lstCookies.Count + " cookies found.");
        sb.AppendLine("=========================================================== ");
        int cpt = 1;
        foreach (Cookie c in lstCookies)
            sb.AppendLine("#" + cpt++ + "> Name: " + c.Name + "	Value: " + c.Value + "	Domain: " + c.Domain + "	Path: " + c.Path + "	Exp: " + c.Expires.ToString());

        return sb.ToString();
    }

这篇关于在 Windows Phone 上保留 HTTPOnly cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！