1

我们需要使用 HTTPOnly 和 Secure 来保护 Cookie,但不包含 cookie 名称 =“cnlfsid”

这是我的代码:

when HTTP_RESPONSE { 
    foreach x [HTTP::cookie names] {

        set ckname $x
        set ckvalue [HTTP::cookie value $x]
        set ckpath [HTTP::cookie value path]

        if {!($ckname equals "cnlfsid")} {
            HTTP::cookie remove $x
            HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
            HTTP::cookie secure $ckname enable
            HTTP::cookie httponly $ckname enable    
        }
    }
}

但它行不通。有人可以帮我解决它。

非常感谢

4

1 回答 1

0

评论中提到的f5论坛的答案是:

when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        if { $x equals "cnlfsid" } {
            continue
        }
        set ckname $x
        set ckvalue [HTTP::cookie value $x] 
        set ckpath [HTTP::cookie $x path]
        HTTP::cookie remove $x
        HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
        HTTP::cookie secure $ckname enable
        HTTP::cookie httponly $ckname enable
    }
}

看起来诀窍是continue声明。

于 2018-09-12T14:36:27.373 回答