windows iis 服务器asp,aspx 会话cookie中缺少HttpOnly属性
[ 2023-11-06 11:27:03 | 作者: admin ]
方法一、按照网上打开配置编辑器 ,将httpOnlyCookies设置为true,实际没有任何效果
方法二、通过配置出站规则getcookie添加HttpOnly
在Web.config的system.webServer中添加如下出站规则
结果生效
参考文章:
https://www.xjx100.cn/news/423990.html?action=onClick
https://social.msdn.microsoft.com/Forums/en-US/3ab04106-86ec-4f5e-a4e6-d051af923924/setting-httponly-for-classic-asp-session-cookie-urgent-help-needed-please?forum=iis56classicasp
使用IIS重写将HttpOnly标志添加到Cookie无效 https://www.coder.work/article/6687330
评论Feed: http://blog.xg98.com/feed.asp?q=comment&id=2945
方法二、通过配置出站规则getcookie添加HttpOnly
在Web.config的system.webServer中添加如下出站规则
<rewrite>
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<outboundRules>
<rule name="Add HttpOnly" preCondition="No HttpOnly">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; HttpOnly" />
<conditions>
</conditions>
</rule>
<preConditions>
<preCondition name="No HttpOnly">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
结果生效
参考文章:
https://www.xjx100.cn/news/423990.html?action=onClick
https://social.msdn.microsoft.com/Forums/en-US/3ab04106-86ec-4f5e-a4e6-d051af923924/setting-httponly-for-classic-asp-session-cookie-urgent-help-needed-please?forum=iis56classicasp
使用IIS重写将HttpOnly标志添加到Cookie无效 https://www.coder.work/article/6687330
[最后修改由 admin, 于 2023-11-06 14:32:15]
评论Feed: http://blog.xg98.com/feed.asp?q=comment&id=2945
这篇日志没有评论。
此日志不可发表评论。
