18,356
社区成员
发帖
与我相关
我的任务
分享自动登录返回的cookie如何得到 httponly javascript
response header中是
Set-Cookie: sso=r=2009896016&sid=&wsid=FF057B8A38313854B0DC40C8E15B6EF7;Path=/;Domain=tianya.cn;HttpOnly;Max-Age=2592000;Expires=Mon Mar 31 10:04:35 CST 2014
返回的数据是网页,里面有javascript代码设置cookie,生成的cookie和set-cookie里的不一样
这两个哪一个才是真正的cookie
网页运行返回的javascript 为什么没有生成本地的cookie,打开仍然是未登录的状态。返回的数据是html文件如下:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<base href="http://passport.tianya.cn:80/" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="expires" content="0" />
<title>登录中......</title>
<script>
document.cookie='user=w=buddhasson&id=75783140&f=1;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='time=st=1j4k0P&ct='+parseInt(new Date().getTime()/1000)+'&et='+(parseInt(new Date().getTime()/1000)+2592000)+';expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='temp=k=259620719&s=&t=1393639475&b=573999a6c61ec47bc1f102b969c124eb;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='right=web4=n&portal=n;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='temp4=rm=f04a8ebc4441867413d47440f5faf52e;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
</script>
</head>
<body>
<script>
location.href="http://passport.tianya.cn:80/loginbuffer2.jsp?fowardurl=http%3A%2F%2Fbbs.tianya.cn%2Flist-develop-1.shtml&userthird=®Orlogin=%E7%99%BB%E5%BD%95%E4%B8%AD......&cookieTime=1393639475&portalValue=&rightCookie=false&rmCookieCode=f04a8ebc4441867413d47440f5faf52e&isActivatedUser=true&idWriter=75783140&writer=buddhasson&intKey=259620719&chvSysGradeList=null&sysGrade=null&flag=39c05415a243c245a27089c5e15e340f&rmCode=true&rmFlag=1&wsid=FF057B8A38313854B0DC40C8E15B6EF7&r=2009896016";
</script>
</body>
</html>
把这个数据保存为网页运行,仍然没有登录成功,这是为什么
Set-Cookie: sso=r=2009896016&sid=&wsid=FF057B8A38313854B0DC40C8E15B6EF7;Path=/;Domain=tianya.cn;HttpOnly;Max-Age=2592000;Expires=Mon Mar 31 10:04:35 CST 2014
返回的数据是网页,里面有javascript代码设置cookie,生成的cookie和set-cookie里的不一样
这两个哪一个才是真正的cookie
网页运行返回的javascript 为什么没有生成本地的cookie,打开仍然是未登录的状态。返回的数据是html文件如下:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<base href="http://passport.tianya.cn:80/" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="expires" content="0" />
<title>登录中......</title>
<script>
document.cookie='user=w=buddhasson&id=75783140&f=1;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='time=st=1j4k0P&ct='+parseInt(new Date().getTime()/1000)+'&et='+(parseInt(new Date().getTime()/1000)+2592000)+';expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='temp=k=259620719&s=&t=1393639475&b=573999a6c61ec47bc1f102b969c124eb;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='right=web4=n&portal=n;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
document.cookie='temp4=rm=f04a8ebc4441867413d47440f5faf52e;expires='+(new Date(new Date().getTime()+2592000*1000)).toGMTString()+';path=/;domain=tianya.cn';
</script>
</head>
<body>
<script>
location.href="http://passport.tianya.cn:80/loginbuffer2.jsp?fowardurl=http%3A%2F%2Fbbs.tianya.cn%2Flist-develop-1.shtml&userthird=®Orlogin=%E7%99%BB%E5%BD%95%E4%B8%AD......&cookieTime=1393639475&portalValue=&rightCookie=false&rmCookieCode=f04a8ebc4441867413d47440f5faf52e&isActivatedUser=true&idWriter=75783140&writer=buddhasson&intKey=259620719&chvSysGradeList=null&sysGrade=null&flag=39c05415a243c245a27089c5e15e340f&rmCode=true&rmFlag=1&wsid=FF057B8A38313854B0DC40C8E15B6EF7&r=2009896016";
</script>
</body>
</html>
把这个数据保存为网页运行,仍然没有登录成功,这是为什么
...全文
请发表友善的回复…
发表回复
new20000777 2014-03-01
- 打赏
- 举报
怎么样才能得到javascript代码中生成的cookie
new20000777 2014-03-01
- 打赏
- 举报
post提交用户名密码登录某网站,成功返回cookie数据包,但是出现如上的问题,不知怎么解决
oyljerry 2014-03-01
- 打赏
- 举报
可能需要javascript或者浏览器插件来获取cookie
java后台和php后台如何设置HttpOnly到前台浏览器的cookie中.cookie中设置了HttpOnly属性,那么通过js脚本将无法读取到cookie信息,这样能有效的防止XSS攻击.zip
