Set-Cookie & Secure & HttpOnly & SameSite

Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie


https

https://stackoverflow.com/questions/37234687/how-to-set-cookie-secure-flag-using-javascript

cookie


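// Set a cookie from script, including the Secure attribute.
document.cookie = "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;";
// "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;"

// Reading document.cookie returns only name=value pairs; the attributes are not exposed.
document.cookie;
// "testCookie=javascript2050"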

HttpOnly

An HttpOnly cookie means that it's not available to scripting languages like JavaScript.

https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript
https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript/14691716#14691716

https://github.com/js-cookie/js-cookie/issues/344

SameSite

https://stackoverflow.com/questions/50361460/samesite-cookie-attribute-not-being-set-using-javascript


cookie Generator

cookieGenerator();



/**
 *
 * @author xgqfrms
 * @license MIT
 * @copyright xgqfrms
 *
 * @description cookieGenerator
 *
 * @param {String} name cookie name
 * @param {String} value cookie value
 * @param {Number} days days until the cookie expires
 * @param {String} path
 * @param {String} domain
 * @param {String} HttpOnly (JavaScript has absolutely no API available to get/set the HttpOnly attribute of the cookie!)
 * @param {Boolean} secure
 * @param {ENUM} SameSite=Lax / SameSite=Strict (This is an attribute that can only be set by server (like HttpOnly) in response cookies it sends to browser.)
 *
 */

// Defaults are applied per key, so a partial options object still yields a complete cookie string.
const cookieGenerator = ({
    name = "testCookie",
    value = "testcookie",
    // with the default of 0 days, Expires is the current time
    days = 0,
    path = "/",
    domain = window.parent.document.domain,
    // HttpOnly: false,
    secure = false
} = {}) => {
    let result = ``,
        expires = ``,
        date = new Date();
    // convert days to milliseconds and add them to the current time
    date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
    expires = date.toUTCString();
    result = `${name}=${value}; Expires=${expires}; Path=${path}; Domain=${domain};`;
    // if (httponly) {
    //     result += `Http;`;
    //     result += `HttpOnly;`;
    // }
    if (secure) {
        result += `Secure;`;
    }
    // document.cookie = result;
    return result;
};
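
Since HttpOnly can only arrive in the server's Set-Cookie response header, that header is the place to verify all three attributes. The following auditor is an added example, not code from the original post; `parseSetCookie`, `auditSetCookie` and the sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are case-insensitive, so keys are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq).trim();
  const value = pair.slice(eq + 1).trim();
  const attrs = {};
  for (const part of rest) {
    const p = part.trim();
    if (!p) continue; // tolerate a trailing ";"
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Return the hardening problems found in one Set-Cookie header value.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const issues = [];
  if (!attrs.secure) issues.push("missing Secure");
  if (!attrs.httponly) issues.push("missing HttpOnly");
  const sameSite = String(attrs.samesite || "").toLowerCase();
  if (!["strict", "lax", "none"].includes(sameSite)) {
    issues.push("missing or invalid SameSite");
  } else if (sameSite === "none" && !attrs.secure) {
    // Browsers enforcing the current SameSite rules reject this combination.
    issues.push("SameSite=None without Secure");
  }
  return { name, issues };
}

// Constructed sample headers; the second one reuses the cookie string from this page.
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;",
  "track=1; Path=/; SameSite=None",
];

for (const header of SAMPLE_HEADERS) {
  const { name, issues } = auditSetCookie(header);
  console.log(`${name}: ${issues.length ? issues.join(", ") : "ok"}`);
}
```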



©xgqfrms 2012-2020


posted @ 2018-06-14 14:55  xgqfrms