Usage

.NET 2.0
<httpCookies httpOnlyCookies="true" …>

C#
HttpCookie myCookie = new HttpCookie("myCookie");
myCookie.HttpOnly = true;
Response.AppendCookie(myCookie);

VB.NET
Dim myCookie As HttpCookie = New HttpCookie("myCookie")
myCookie.HttpOnly = True
Response.AppendCookie(myCookie)

PHP
From version 5.2 onward, set it globally in php.ini:
session.cookie_httponly=1/TRUE

Set the seventh argument passed to the setcookie and setrawcookie functions to TRUE:
setcookie('id', $_POST['name'], time()+3600, null, null, null, TRUE);
setrawcookie('id', $_POST['name'], time()+3600, null, null, null, TRUE);

Set it at the top of the PHP code:
ini_set("session.cookie_httponly", 1);

Before version 5.2:
header("Set-Cookie: hidden=value; httpOnly");
In the browser console

http:
response.addHeader("Set-Cookie", "uid=112; Path=/; HttpOnly");

https:
response.addHeader("Set-Cookie", "uid=112; Path=/; Secure; HttpOnly");
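
To confirm that responses actually carry these flags, the Set-Cookie values can be audited. The following is an added example, not code from the original post: the function names and the `sid` and `theme` sample cookies are assumptions, and the other sample headers are taken from the examples above. Attribute names are matched case-insensitively, so `httpOnly` and `HttpOnly` are treated the same.

```python
# Added example: audit Set-Cookie header values for the HttpOnly / Secure flags.
# SAMPLE is constructed data; the first three headers mirror the page's examples.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_flags(header, scheme):
    """Return the protective flags absent from one Set-Cookie value."""
    _, _, attrs = parse_set_cookie(header)
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    # Secure is only expected on cookies issued over https, as in the page's example.
    if scheme == "https" and "secure" not in attrs:
        missing.append("Secure")
    return missing


def audit(responses):
    """Map cookie name -> missing flags for every (scheme, header) pair with a gap."""
    findings = {}
    for scheme, header in responses:
        flags = missing_flags(header, scheme)
        if flags:
            findings[parse_set_cookie(header)[0]] = flags
    return findings


SAMPLE = [
    ("http", "uid=112; Path=/; HttpOnly"),
    ("https", "uid=112; Path=/; Secure; HttpOnly"),
    ("http", "hidden=value; httpOnly"),
    ("https", "sid=abc; Path=/; HttpOnly"),  # constructed: Secure missing on https
    ("http", "theme=dark; Path=/"),          # constructed: HttpOnly missing
]

if __name__ == "__main__":
    for name, flags in audit(SAMPLE).items():
        print(f"{name}: missing {', '.join(flags)}")
```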