ASP设置Cookie的HttpOnly属性
[ 2016-08-31 10:13:35 | 作者: admin ]
为防止攻击者利用网站XSS漏洞获取网站cookie(如果管理员cookie被获取,攻击者有可能登录网站后台)。可以在cookie中增加httponly属性。
ASP实现方法如下:
当需要向浏览器写入Cookie时,利用Response.AddHeader代替Response.Cookies("X")="Y"
关于httponly的说明,参见:
使用HttpOnly提升Cookie安全性 http://blog.csdn.net/zzzmmmkkk/article/details/10862949
cookie的过期
也可以自己写个函数
评论Feed: http://blog.xg98.com/feed.asp?q=comment&id=2337
ASP实现方法如下:
当需要向浏览器写入Cookie时,利用Response.AddHeader代替Response.Cookies("X")="Y"
Response.AddHeader "Set-Cookie", "mycookie=1981; Path=/; HttpOnly"
关于httponly的说明,参见:
使用HttpOnly提升Cookie安全性 http://blog.csdn.net/zzzmmmkkk/article/details/10862949
cookie的过期
response.Cookies("mycookie")=""
response.Cookies("mycookie").Path = "/"
response.Cookies("mycookie").Expires = DateAdd("m",-60,now())
response.Cookies("mycookie").Path = "/"
response.Cookies("mycookie").Expires = DateAdd("m",-60,now())
也可以自己写个函数
<%
‘**************************************************
‘ASP 中输出httponly cookie IE6.0以上浏览器支持
‘WDFrog
‘2009-04-15
‘<meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″>
‘**************************************************
‘———-SetHttpOnlyCookie—————————————-
‘功能:设置HttpOnly Cookie
‘参数:expDate 为保到期, 0表示不设置,设置为过去某一时间表示清除
‘参数:domain 为空(string.Empty)表示不设置
‘——————————————————————-
Function SetHttpOnlyCookie(cookieName,cookieValue,domain,path,expDate)
Dim cookie
cookie=cookieName & “=” & Server.URLEncode(cookieValue) & “; path=” & path
If expDate <> 0 Then
cookie=cookie & “; expires=” & DateToGMT(expDate)
End If
If domain <> “” Then
cookie=cookie & “; domain=” & domain
End If
cookie=cookie & “; HttpOnly”
Call Response.AddHeader (”Set-Cookie”, cookie)
End Function
‘————-getGMTTime————
‘参数: sDate 需要转换成GMT的时间
‘———————————
Function DateToGMT(sDate)
Dim dWeek,dMonth
Dim strZero,strZone
strZero=”00″
strZone=”+0800″
dWeek=Array(”Sun”,”Mon”,”Tue”,”Wes”,”Thu”,”Fri”,”Sat”)
dMonth=Array(”Jan”,”Feb”,”Mar”,”Apr”,”May”,”Jun”,”Jul”,”Aug”,”Sep”,”Oct”,”Nov”,”Dec”)
DateToGMT = dWeek(WeekDay(sDate)-1)&”, “&Right(strZero&Day(sDate),2)&” “&dMonth(Month(sDate)-1)&” “&Year(sDate)&” “&Right(strZero&Hour(sDate),2)&”:”&Right(strZero&Minute(sDate),2)&”:”&Right(strZero&Second(sDate),2)&” “&strZone
End Function
‘参考
‘Call SetHttpOnlyCookie(”cookieOnly1″,”onlyValue”,”.gyzs.com”,”/”,0)
%>
‘**************************************************
‘ASP 中输出httponly cookie IE6.0以上浏览器支持
‘WDFrog
‘2009-04-15
‘<meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″>
‘**************************************************
‘———-SetHttpOnlyCookie—————————————-
‘功能:设置HttpOnly Cookie
‘参数:expDate 为保到期, 0表示不设置,设置为过去某一时间表示清除
‘参数:domain 为空(string.Empty)表示不设置
‘——————————————————————-
Function SetHttpOnlyCookie(cookieName,cookieValue,domain,path,expDate)
Dim cookie
cookie=cookieName & “=” & Server.URLEncode(cookieValue) & “; path=” & path
If expDate <> 0 Then
cookie=cookie & “; expires=” & DateToGMT(expDate)
End If
If domain <> “” Then
cookie=cookie & “; domain=” & domain
End If
cookie=cookie & “; HttpOnly”
Call Response.AddHeader (”Set-Cookie”, cookie)
End Function
‘————-getGMTTime————
‘参数: sDate 需要转换成GMT的时间
‘———————————
Function DateToGMT(sDate)
Dim dWeek,dMonth
Dim strZero,strZone
strZero=”00″
strZone=”+0800″
dWeek=Array(”Sun”,”Mon”,”Tue”,”Wes”,”Thu”,”Fri”,”Sat”)
dMonth=Array(”Jan”,”Feb”,”Mar”,”Apr”,”May”,”Jun”,”Jul”,”Aug”,”Sep”,”Oct”,”Nov”,”Dec”)
DateToGMT = dWeek(WeekDay(sDate)-1)&”, “&Right(strZero&Day(sDate),2)&” “&dMonth(Month(sDate)-1)&” “&Year(sDate)&” “&Right(strZero&Hour(sDate),2)&”:”&Right(strZero&Minute(sDate),2)&”:”&Right(strZero&Second(sDate),2)&” “&strZone
End Function
‘参考
‘Call SetHttpOnlyCookie(”cookieOnly1″,”onlyValue”,”.gyzs.com”,”/”,0)
%>
[最后修改由 admin, 于 2016-08-31 10:29:18]
评论Feed: http://blog.xg98.com/feed.asp?q=comment&id=2337
这篇日志没有评论。
此日志不可发表评论。
