28,409
社区成员
发帖
与我相关
我的任务
分享ASP网站被检测到此漏洞:会话Cookie中缺少HttpOnly属性 这个怎处理?
如题。ASP网站被检测到此漏洞:会话Cookie中缺少HttpOnly属性 这个怎处理?
...全文
请发表友善的回复…
发表回复
阿贝儿儿 2018-08-24
- 打赏
- 举报
在首页中加入了 Response.AddHeader "Set-Cookie", "mycookie=yo; HttpOnly" 这个代码 代码前后加<%%>但是还是检测出 Cookie没有HttpOnly标志,请高手指点一下是什么原因
斯洛文尼亚旅游 2017-01-06
- 打赏
- 举报
<%
'**************************************************
'ASP 中输出httponly cookie IE6.0以上浏览器支持
'WDFrog
'2009-04-15
'<meta http-equiv="Content-Type" content="text/html; charset=gb2312″>
'**************************************************
'———-SetHttpOnlyCookie—————————————-
'功能:设置HttpOnly Cookie
'参数:expDate 为保到期, 0表示不设置,设置为过去某一时间表示清除
'参数:domain 为空(string.Empty)表示不设置
'——————————————————————-
Function SetHttpOnlyCookie(cookieName,cookieValue,domain,path,expDate)
Dim cookie
cookie=cookieName & "=" & Server.URLEncode(cookieValue) & "; path=" & path
If expDate <> 0 Then
cookie=cookie & "; expires=" & DateToGMT(expDate)
End If
If domain <> "" Then
cookie=cookie & "; domain=" & domain
End If
cookie=cookie & "; HttpOnly"
Call Response.AddHeader ("Set-Cookie", cookie)
End Function
'————-getGMTTime————
'参数: sDate 需要转换成GMT的时间
'———————————
Function DateToGMT(sDate)
Dim dWeek,dMonth
Dim strZero,strZone
strZero="00″
strZone="+0800″
dWeek=Array("Sun","Mon","Tue","Wes","Thu","Fri","Sat")
dMonth=Array("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
DateToGMT = dWeek(WeekDay(sDate)-1)&", "&Right(strZero&Day(sDate),2)&" "&dMonth(Month(sDate)-1)&" "&Year(sDate)&" "&Right(strZero&Hour(sDate),2)&":"&Right(strZero&Minute(sDate),2)&":"&Right(strZero&Second(sDate),2)&" "&strZone
End Function
'示例
Call SetHttpOnlyCookie("cookieOnly1″,"onlyValue",".gyzs.com","/",0)
%>
此段如何使用,放在哪个位置或文件[/quote]
你在哪生成cookie的,改用SetHttpOnlyCookie来生成
horvin 2017-01-05
- 打赏
- 举报
<%
'**************************************************
'ASP 中输出httponly cookie IE6.0以上浏览器支持
'WDFrog
'2009-04-15
'<meta http-equiv="Content-Type" content="text/html; charset=gb2312″>
'**************************************************
'———-SetHttpOnlyCookie—————————————-
'功能:设置HttpOnly Cookie
'参数:expDate 为保到期, 0表示不设置,设置为过去某一时间表示清除
'参数:domain 为空(string.Empty)表示不设置
'——————————————————————-
Function SetHttpOnlyCookie(cookieName,cookieValue,domain,path,expDate)
Dim cookie
cookie=cookieName & "=" & Server.URLEncode(cookieValue) & "; path=" & path
If expDate <> 0 Then
cookie=cookie & "; expires=" & DateToGMT(expDate)
End If
If domain <> "" Then
cookie=cookie & "; domain=" & domain
End If
cookie=cookie & "; HttpOnly"
Call Response.AddHeader ("Set-Cookie", cookie)
End Function
'————-getGMTTime————
'参数: sDate 需要转换成GMT的时间
'———————————
Function DateToGMT(sDate)
Dim dWeek,dMonth
Dim strZero,strZone
strZero="00″
strZone="+0800″
dWeek=Array("Sun","Mon","Tue","Wes","Thu","Fri","Sat")
dMonth=Array("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
DateToGMT = dWeek(WeekDay(sDate)-1)&", "&Right(strZero&Day(sDate),2)&" "&dMonth(Month(sDate)-1)&" "&Year(sDate)&" "&Right(strZero&Hour(sDate),2)&":"&Right(strZero&Minute(sDate),2)&":"&Right(strZero&Second(sDate),2)&" "&strZone
End Function
'示例
Call SetHttpOnlyCookie("cookieOnly1″,"onlyValue",".gyzs.com","/",0)
%>
此段如何使用,放在哪个位置或文件
horvin 2017-01-05
- 打赏
- 举报
你好, 此代码放在哪里。
斯洛文尼亚旅游 2017-01-04
- 打赏
- 举报
