How to set cookie secure flag using javascript
Problem description
I have tried to set a cookie using document.cookie = "tagname = test; secure"
but this does not set the secure flag. Am I setting it wrong? Can you only set it from a server response? I am also wondering that, because I have had a difficult time finding an example of its use, that it probably is not commonly used?
Thanks a bunch!
TL;DR
document.cookie = "tagname = test;secure";
You must be in HTTPS to set a secure attribute.
The normal (or formal, maybe) name is attribute, since the flag refers to other things (check below).
More Info
Cookie attributes:
Secure - The cookie will be sent in a secure channel (HTTPS).
HttpOnly - Don't allow local scripts to read cookies.
Domain - Double-check the domain settings.
Path - Double-check the path settings.
Expires - Determine how the user agent parses or chooses the expiry time.
For more details and practical usage, check Testing_for_cookies_attributes_(OTG-SESS-002).
Cookie Flags
Cookie flags are prefixes. At the time being, those are described in the RFC draft as an update to RFC6265.
These flags are used with the 'secure' attribute.
__Secure-
The dash is a part of the prefix. This flag tells the browser the cookie should only be included in 'https'.
__Host-
A cookie with this flag 1) must not have a 'domain' attribute; it will only be sent to the host which set it. 2) Must have a 'path' attribute that is set to '/', because it will be sent to the host in every request from the host.
I hope I did not misunderstand any of that; those 'formal texts' are slightly hard for me. Corrections or edits to make it more readable will be appreciated.
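The rules described in the answer above, written out as a checker. This is an added example, not code from the original post or from any browser. `parseCookieString` and `checkCookie` and the option names `secureOrigin` and `fromScript` are hypothetical helpers, and the HttpOnly-from-script check comes from RFC 6265 rather than from the answer.

```javascript
// Added example: models the acceptance rules for Secure and the cookie
// prefixes. Hypothetical helpers, not a browser or library API.
function parseCookieString(str) {
  const [pair, ...attrParts] = str.split(';');
  const eq = pair.indexOf('=');
  const name = (eq === -1 ? '' : pair.slice(0, eq)).trim();
  const value = (eq === -1 ? pair : pair.slice(eq + 1)).trim();
  const attrs = new Map(); // attribute names are case-insensitive
  for (const part of attrParts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }
  return { name, value, attrs };
}

// Returns the reasons the cookie would be dropped; an empty array means accepted.
function checkCookie(str, { secureOrigin, fromScript }) {
  const { name, attrs } = parseCookieString(str);
  const lower = name.toLowerCase(); // compare prefixes case-insensitively (stricter reading)
  const secure = attrs.has('secure');
  const problems = [];
  if (secure && !secureOrigin) problems.push('Secure set from a non-HTTPS origin');
  if (fromScript && attrs.has('httponly')) problems.push('HttpOnly set from script');
  if (lower.startsWith('__secure-') && !secure) problems.push('__Secure- without Secure');
  if (lower.startsWith('__host-')) {
    if (!secure) problems.push('__Host- without Secure');
    if (attrs.has('domain')) problems.push('__Host- with Domain');
    if (attrs.get('path') !== '/') problems.push('__Host- without Path=/');
  }
  return problems;
}

// Constructed sample inputs: the question's cookie on http and https,
// then prefixed cookies that break or satisfy the prefix rules.
const samples = [
  ['tagname = test; secure', { secureOrigin: false, fromScript: true }],
  ['tagname = test; secure', { secureOrigin: true, fromScript: true }],
  ['__Secure-id=1; Path=/', { secureOrigin: true, fromScript: true }],
  ['__Host-sid=abc; Secure; Domain=example.com', { secureOrigin: true, fromScript: false }],
  ['__Host-sid=abc; Secure; Path=/', { secureOrigin: true, fromScript: false }],
];
for (const [cookie, ctx] of samples) {
  const problems = checkCookie(cookie, ctx);
  console.log(cookie, '->', problems.length ? problems.join('; ') : 'accepted');
}
```
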