7

我可以看到 cookie 正在通过 Chrome 网络检查器传输:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:rack.session=BAh7B8kiD3Nlc3Npb25faWQGOgZFRiJFMmYwOTZmZGY1NDEzNGVhYWJhYjcz%0ANmUzYmE5NzYyZmRmM2EyYjk4YWNlNzYzNjdkOGI5MDFiNTU3MDg0NWUzY0ki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItMjVhMmFj%0AZDI5zWU2NTJkY2QyMzA4MzI3NmYxNTk2YjU2ZjBkNmUwNkkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0Nw%3D%3D%0A--82a2216513ed8ce3bbcd0f2fe2162e7c40847499; test=whee
Host:0.0.0.0:4567
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

但是当我将 document.cookie 转储到控制台时,我看不到它!服务文件的全部内容:

<script type="text/javascript">
    console.log(document.cookie)
</script>

这是正常的吗?

4

1 回答 1

6

HttpOnly 是包含在 Set-Cookie HTTP 响应标头中的附加标志。在生成 cookie 时使用 HttpOnly 标志有助于降低客户端脚本访问受保护 cookie 的风险(如果浏览器支持它)。

于 2013-12-09T07:32:44.080 回答