如何使用Javascript从特定域中删除Cookie? [英] How do I delete a cookie from a specific domain using Javascript?
问题描述
假设我在 http://www.example.com ,并且想要删除其Cookie网域为 .example.com ,另一个网域为 www.example.com 。
使用此通用函数:
var deleteCookie = function(name)
{
document.cookie = name +'=; path = /; expires = Thu,01 Jan 1970 00:00:01 GMT;';
};
这似乎只是删除其域名为 www.example.com的Cookie >。
但是如何指定,因此也会移除其网域为 .example.com 的Cookie?
EDIT:基本上,我正在寻找一个函数,可以删除所有与 http://www.example.com ,只要它们没有httponly标志。是否有这样的功能?
为了安全起见,您不允许编辑(或删除) 。由于您无法保证拥有 foo.domain.com 和 bar.domain.com ,您将不会允许从 bar.domain.com 编辑 foo.domain.com 的Cookie,反之亦然。 p>
考虑您是否被允许这样做,并转到恶意网站,然后返回您的银行,在那里您将要支票存入您的银行帐户。但在恶意网站上,他们更新了您自己的银行信息。现在,突然,支票将被存入恶意网站所有者的银行帐户。
Let's say I am at http://www.example.com and I want to delete a cookie whose domain is .example.com and another one whose domain is www.example.com.
I am currently using this generic function :
var deleteCookie = function (name)
{
document.cookie = name + '=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
};
which only seems to be removing cookies whose domain is www.example.com.
But how can I specify so that it also removes cookies whose domain is .example.com ?
EDIT : Basically I'm looking for a function that can delete all cookies related to http://www.example.com as long as they don't have the httponly flag. Is there such a function?
For security, you're not allowed to edit (or delete) a cookie on another site. Since there's no guarantee that you own both foo.domain.com and bar.domain.com, you won't be allowed to edit the cookies of foo.domain.com from bar.domain.com and vice versa.
Consider if you were allowed to do that and went to a malicious site, then back to your bank where you were about to deposit a cheque into your bank account. But while being on the malicious site, they updated your bank cookie with their own bank information. Now, suddenly, the cheque would be deposited into the malicious site's owner's bank account.
这篇关于如何使用Javascript从特定域中删除Cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
