How do I/can I access a sessionid cookie through JavaScript?

Problem description

I've installed the cookie extension for jQuery, and am attempting to access the session id cookie.

I currently have two cookies for my session - see screenshot below:

However, $.cookie() only lists one:

> $.cookie()
Object {csrftoken: "fFrlipYaeUmWkkzLrQLwepyACzTfDXHE"}
> $.cookie('sessionid')
undefined

Can I/how do I access the sessionid cookie from JavaScript?

Recommended answer

The session id cookie should be marked as HTTP Only, preventing access from JavaScript. This is a security issue, preventing session hijacking via an XSS vulnerability.

You can see in your screenshot that the cookie is indeed marked as HTTP.

If you want to learn more about the flag, see here. Originally implemented by IE, most browsers support the flag nowadays, and session cookies not marked http-only are considered a security flaw. Also see here.
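
An added example, not part of the original answer: it parses Set-Cookie header values, returns the cookie names a script can read (what $.cookie() lists), and reports session cookies that lack the HttpOnly flag. The header values, the function names and the default session-cookie name list are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not captured from a real site).
const sampleHeaders = [
  'csrftoken=EXAMPLE-CSRF-VALUE; Path=/; SameSite=Lax',
  'sessionid=EXAMPLE-SESSION-VALUE; Path=/; HttpOnly; SameSite=Lax',
];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: skip it
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly have no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1), attrs };
}

// Cookie names a script can read: the ones $.cookie() / document.cookie list.
function scriptVisible(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c !== null && !('httponly' in c.attrs))
    .map((c) => c.name);
}

// Session cookies (hypothetical default name list) that lack HttpOnly.
function sessionCookiesMissingHttpOnly(headers, sessionNames = ['sessionid']) {
  const wanted = sessionNames.map((n) => n.toLowerCase());
  return scriptVisible(headers).filter((n) => wanted.includes(n.toLowerCase()));
}

console.log(scriptVisible(sampleHeaders));
console.log(sessionCookiesMissingHttpOnly(sampleHeaders));
```

With the sample headers only csrftoken is script-visible, which matches the console output in the question.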
