Classic ASP use of "SameSite" on cookies
Problem description
We're using Classic ASP to construct our cookies via Response.Cookies( "CookieName" ). How would we go about setting "SameSite" to none?
Recommended answer
Try this (you need the URLRewrite module installed). You also need to be using the https protocol (SameSite only works if Secure is also included, and you can't include Secure without using the https protocol). HttpOnly should always be used too, but if you have some JavaScript code on your site that needs to read cookies, HttpOnly will prevent that.
You also might need to add "HTTP_COOKIE" to the "allowed server variables" in IIS under URLRewrite. But I think that's just for reading incoming cookies.
Tried and tested, works perfectly.
Note: If you're already using Response.Cookies("CookieName").Secure = True, it will add Secure to the response header value twice (unless you remove Secure from the action rewrite value). Being included twice shouldn't be an issue, but some browsers can be fussy with stuff like that, especially Chrome as Google continues to roll out more and more updates with stricter cookie rules.
The httpProtocol > customHeaders section is completely optional, but it will add more security to your site.
web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <!-- Append SameSite=None; HttpOnly; Secure to every outgoing Set-Cookie header -->
        <rule name="SameSite rewrite">
          <match serverVariable="RESPONSE_Set_Cookie" pattern="(.*)=(.*)" negate="false" />
          <action type="Rewrite" value="{R:1}={R:2}; SameSite=None; HttpOnly; Secure" />
        </rule>
      </outboundRules>
    </rewrite>
    <!-- Optional: additional security response headers -->
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="X-XSS-Protection" value="1; mode=block" />
        <add name="Referrer-Policy" value="strict-origin" />
        <add name="Strict-Transport-Security" value="max-age=31536000" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
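The following Python script is an added example, not part of the original answer: it applies a simplified model of the outbound rule to constructed Set-Cookie values and audits the result for the repeated-attribute case the note describes and for SameSite=None without Secure. The function names, the sample cookies and the lowercase "secure" spelling in the second sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Match pattern and appended attributes copied from the outbound rule above.
RULE_PATTERN = re.compile(r"(.*)=(.*)")
RULE_SUFFIX = "; SameSite=None; HttpOnly; Secure"


def apply_rule(set_cookie):
    """Simplified model of the rule: rebuild {R:1}={R:2}, then append the attributes."""
    m = RULE_PATTERN.match(set_cookie)
    if m is None:  # no '=' in the value, so the rule would not match
        return set_cookie
    return f"{m.group(1)}={m.group(2)}{RULE_SUFFIX}"


def audit(set_cookie):
    """Return findings for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = [p.split("=", 1) for p in parts[1:] if p]  # skip the name=value pair
    names = Counter(a[0].strip().lower() for a in attrs)
    values = {a[0].strip().lower(): (a[1].strip() if len(a) > 1 else "") for a in attrs}
    findings = [f"duplicate attribute: {n}" for n, c in names.items() if c > 1]
    if values.get("samesite", "").lower() == "none" and "secure" not in names:
        findings.append("SameSite=None without Secure")
    if "httponly" not in names:
        findings.append("missing HttpOnly")
    if "samesite" not in names:
        findings.append("missing SameSite")
    return findings


# Constructed sample values, not captured from a real server.
SAMPLES = [
    "ASPSESSIONIDEXAMPLE=abc123; path=/",  # plain cookie
    "CookieName=value; path=/; secure",    # cookie with .Secure = True already set
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rewritten = apply_rule(raw)
        print(rewritten)
        for finding in audit(rewritten) or ["ok"]:
            print("   ", finding)
```

Running audit() over the Set-Cookie values a site actually returns, after the rule is deployed, shows whether any cookie ends up with a repeated attribute.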