Set-Cookie & Secure & HttpOnly & SameSite
HTTP/Headers/Set-Cookie
Set-Cookie
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
https
https://stackoverflow.com/questions/37234687/how-to-set-cookie-secure-flag-using-javascript
cookie
document.cookie = "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;";
// "testCookie=javascript2050; Expires=Wed, 21 Oct 2020 07:28:00 GMT; path=/;domain=.cnblogs.com;Secure;"
document.cookie;
// "testCookie=javascript2050"
HttpOnly
A HttpOnly cookie means that it's not available to scripting languages like JavaScript.
https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript
https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript/14691716#14691716
https://github.com/js-cookie/js-cookie/issues/344
SameSite
cookie Generator
cookieGenerator();
/**
*
* @author xgqfrms
* @license MIT
* @copyright xgqfrms
*
* @description cookieGenerator
*
* @param {String} name cookie name
* @param {String} value cookie value
* @param {Number} days
* @param {String} path
* @param {String} domain
* @param {String} HttpOnly (JavaScript absolutely no API available to get/set the HttpOnly attribute of the cookie!)
* @param {Boolean} Secure
* @param {ENUM} SameSite=Lax / SameSite=Strict (This is an attribute that can only be set by server (like HttpOnly) in response cookies it sends to browser.)
*
*/
const cookieGenerator = ({
  name = "testCookie",
  value = "testcookie",
  days = 0,
  path = "/",
  domain = window.parent.document.domain,
  // HttpOnly = false,
  Secure = false
} = {}) => {
  // Per-field defaults, so a caller can pass only the options it wants to change.
  // Expiry is `days` days from now (the default of 0 expires immediately).
  const date = new Date();
  date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
  const expires = date.toUTCString();
  let result = `${name}=${value}; Expires=${expires}; Path=${path}; Domain=${domain};`;
  // HttpOnly cannot be set from JavaScript, so this branch stays disabled.
  // if (HttpOnly) {
  //   result += `HttpOnly;`;
  // }
  if (Secure) {
    result += `Secure;`;
  }
  // document.cookie = result;
  return result;
};
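Because HttpOnly can only arrive in a server response, the useful check is on the Set-Cookie header the server actually sends. The following is an added example, not code from the original post: a small auditor for Secure, HttpOnly and SameSite that runs in Node.js. The function names, finding codes and sample headers are constructed for illustration.

```javascript
// Added example: audits Set-Cookie header values for Secure, HttpOnly and SameSite.
// parseSetCookie, auditSetCookie and the finding codes are hypothetical names.
const MESSAGES = {
  "no-secure": "cookie is also sent over plain HTTP",
  "no-httponly": "cookie is readable through document.cookie",
  "no-samesite": "cross-site behaviour is left to the browser default",
  "bad-samesite": "SameSite value is not Strict, Lax or None",
  "none-without-secure": "SameSite=None requires Secure",
};

// Split one Set-Cookie value into its name/value pair and its attributes.
function parseSetCookie(header) {
  const [pair = "", ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: Object.create(null) };
  for (const attr of rest) {
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the list of finding codes for one Set-Cookie header value.
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!("secure" in attrs)) findings.push("no-secure");
  if (!("httponly" in attrs)) findings.push("no-httponly");
  if (!("samesite" in attrs)) {
    findings.push("no-samesite");
  } else {
    const mode = String(attrs.samesite).toLowerCase();
    if (!["strict", "lax", "none"].includes(mode)) findings.push("bad-samesite");
    else if (mode === "none" && !("secure" in attrs)) findings.push("none-without-secure");
  }
  return findings;
}

// Constructed sample headers (not taken from any real site).
const SAMPLES = [
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "testCookie=javascript2050; Path=/; Domain=.example.test",
  "sid=abc123; Path=/; HttpOnly; SameSite=None",
];
for (const header of SAMPLES) {
  const findings = auditSetCookie(header);
  console.log(header);
  console.log(findings.length ? findings.map((f) => `  ${f}: ${MESSAGES[f]}`).join("\n") : "  ok");
}
```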
©xgqfrms 2012-2020
This article was first published on cnblogs (博客园). Author: xgqfrms. Original link: https://www.cnblogs.com/xgqfrms/p/9182992.html