How do I/can I access a sessionid cookie through JavaScript?
Problem description
I've installed the cookie extension for jQuery, and am attempting to access the session id cookie.
I currently have two cookies for my session - see screenshot below:
However, $.cookie() only lists one:
> $.cookie()
Object {csrftoken: "fFrlipYaeUmWkkzLrQLwepyACzTfDXHE"}
> $.cookie('sessionid')
undefined
Can I/how do I access the sessionid cookie from JavaScript?
Recommended answer
The session id cookie should be marked as HTTP Only, preventing access from JavaScript. This is a security issue, preventing session hijacking via an XSS vulnerability.
You can see in your screenshot that the cookie is indeed marked as HTTP.
If you want to learn more about the flag see here. Originally implemented by IE, most browsers support the flag nowadays, and session cookies not marked http-only are considered a security flaw. Also see here.
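The behaviour described in the answer, as an added example that is not part of the original question or answer: it models which cookies page script (and therefore $.cookie()) can read from a set of Set-Cookie headers, and flags session cookies sent without HttpOnly. The function names and header values are constructed for illustration; only the cookie names come from the question.

```javascript
// Constructed sample response headers; cookie names mirror the question, values are made up.
const SAMPLE_SET_COOKIE = [
  'csrftoken=EXAMPLEcsrfTOKENvalue; Path=/; SameSite=Lax',
  'sessionid=EXAMPLEsessionVALUE; Path=/; HttpOnly; SameSite=Lax',
];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';');
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // nameless pair: treated as malformed in this sketch
  const attrs = Object.create(null);
  for (const part of rest) {
    const [k, ...v] = part.trim().split('=');
    // Attribute names are case-insensitive; a flag counts as set whenever it is present.
    if (k) attrs[k.toLowerCase()] = v.join('=');
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

// Cookies that document.cookie would expose to page script: everything without HttpOnly.
function scriptVisible(headers) {
  const jar = {};
  for (const c of headers.map(parseSetCookie)) {
    if (c && !('httponly' in c.attrs)) jar[c.name] = c.value;
  }
  return jar;
}

// Review check: names of session cookies that were sent without HttpOnly.
// The default name list is an assumption; pass the names your framework uses.
function missingHttpOnly(headers, sessionNames = ['sessionid']) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && sessionNames.includes(c.name.toLowerCase()) && !('httponly' in c.attrs))
    .map((c) => c.name);
}

console.log(scriptVisible(SAMPLE_SET_COOKIE));                // only csrftoken is listed
console.log(missingHttpOnly(SAMPLE_SET_COOKIE));              // nothing to flag
console.log(missingHttpOnly(['sessionid=EXAMPLE; Path=/'])); // flagged: no HttpOnly
```

The same check can be pointed at the Set-Cookie headers of a real response during a review; the browser developer tools show the flag per cookie, as in the screenshot the answer refers to.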