http and secure the http-only attribute

Others 2019-11-13 11:06:18 views: null

Cookie syntax:

Cookie usually as HTTP response headers to the client, the following example shows the appropriate syntax (note, HttpOnly property is not case sensitive):

Html Code

Set-Cookie: =[; =]
[; expires=][; domain=]
[; path=][; secure][; HttpOnly]

Property Meaning

1 secure property

When set to true, that created the Cookie will be in a secure form, that is, can only be passed to the server in the transmission HTTPS browser connections to the server-side session authentication, if the HTTP connection is not delivered this information, so it will not be stolen to the specific content of Cookie.

2 HttpOnly property

If you set the "HttpOnly" attribute in the Cookie, then through the program (JS script, Applet, etc.) will not be able to read the Cookie information, this can effectively prevent XSS attacks.

Copy the code

Note: Sometimes you do not specify HttpOnly argument is true, the statement may delete the cookie is invalid.
the setcookie @ // ( "_ mcloudauth", "", Time () - 3600);
@setcookie ( '_ mcloudauthcookie', '', Time () - 3600, '/', NULL, NULL, to true);

Guess you like

Origin www.cnblogs.com/liang-chen/p/11847377.html

http and secure the http-only attribute

The method of HTTP-only cookie script to obtain JSESSIONID

[Illustration] HTTP - HTTPS secure Web

http ---> HTTPS is transmitted on a secure HTTP transport layer

nginx secure download module ngx_http_secure_link_module

Chapter VII graphic HTTP, HTTPS secure Web

Chapter VII graphic HTTP, HTTPS secure Web

Add Secure attribute to Cookies

Add Secure attribute to Cookies

HTTP protocol standard (explanation of head attribute item)

Why is HTTPS more secure than HTTP? ? The security principle of https and the difference with http

C # HTTP Series 10 form enctype attribute of the form

The referer attribute of the http request: where the record came from.

Interviewer: Why is HTTPS more secure than HTTP? How does HTTPS ensure security?

Http

Основы Интернета и HTTP

Расшифровка протокола HTTP: изучение поля типа данных в заголовке протокола

HTTP。

Meta http-equiv Expires attribute in the HTTP header (Cache-control) Explanation

java only visit http to https

Cross origin requests are only supported for HTTP

Node using the basic framework -koa, koa simultaneously implemented on a http and https practice, app.content operation attribute ctx

HTTP (a): What is HTTP

HTTP (two): HTTP history of

HTTP报文-HTTP

http Overview --http a note

Realize HTTP (HTTP) with JavaScript

【HTTP】HTTP header头

What 02 HTTP that? HTTP and not a

[Process] Http Http request

Recommended

The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!

Ranking

Getting the basic concepts of ROS + catkin Profile

Spring Learning (2) --- Assembling Beans in the IoC Container

js to get the src attribute of the image regularly

STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud

Short video learning - 3, pandas simple use of pivot_table

Print directory of project configuration log, output log

Understand the difference between vi and vim in Linux in 3 minutes

1 + x certificate Web front-end development HTML5 special exercises

mangodb save and insert the difference

7-1 Family tree processing (50 points) (binary tree solution)

Daily

More

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)