[Web] Cookie policy header

 

A: Wrong. You should be able to access sub-domain

 

 

B: Wrong, HttpOnlyCookie can only be set from server side. Securemeans https only;

 

C: Correct. If you don't set the max time for cookie, it works like a session

D: Correct. By default, it set Same-Site=Lax

SameSite=Lax: This is a less restrictive model than Strict. Cookies will be withheld on cross-site subrequests, like loading images or frames, but will be sent when a user navigates to the URL from an external site, like by following a link.

posted @   Zhentiw  阅读(6)  评论(0编辑  收藏  举报
相关博文:
· [Web] Transport Secuirty
· [HTML5] Content Security Policy CSP Header
· 跨站cookies,SameSite
· Http-only
· 转载 Secure, HttpOnly, SameSite HTTP Cookies Attributes and Set-Cookie Explained
阅读排行:
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具
历史上的今天:
2022-06-23 [Typescript] Awaited Type
2021-06-23 [AWS Lambda] Convert a Express node.js app to serverless
2021-06-23 [Cloud DA] Best Practices for Serverless
2016-06-23 [Webpack 2] Chunking common modules from multiple apps with the Webpack CommonsChunkPlugin
2016-06-23 [Webpack 2] Grouping vendor files with the Webpack CommonsChunkPlugin
2013-06-23 【PHP 】 伪静态 - 3. 伪静态的基本使用
2013-06-23 【PHP 】伪静态 - 4. 实际运用
点击右上角即可分享
微信分享提示
AI IDE Trae