I have a cookie that is NOT HttpOnly. Can I set this cookie to HttpOnly via JavaScript?
An HttpOnly cookie means that it's not available to scripting languages like JavaScript. So in JavaScript there's absolutely no API available to get/set the HttpOnly attribute of the cookie, as that would otherwise defeat the meaning of HttpOnly.

Just set it as such on the server side using whatever server-side language the server side is using. If JavaScript is absolutely necessary in this, you could consider just letting it send some (ajax) request with e.g. some specific request parameter which triggers the server-side language to create an HttpOnly cookie. But that would still make it easy for hackers to change the HttpOnly by just XSS and still have access to the cookie via JS and thus make the HttpOnly on your cookie completely useless.