问题描述
我正在尝试使用 document.cookie
读取我的域设置的所有 cookie,我注意到的是,它只返回 csrftoken 和另一个值.我的目标是从 cookie 中读取 sessionid
I am trying to read all the cookies set by my domain using document.cookie
what I have noticed is, it returns only csrftoken and another value. My goal is to read the sessionid
from the cookie
请看下面的截图,它显示了我本地机器上设置的 cookie
please see the below screenshot that shows the cookies set on my local machine
这是document.cookie
推荐答案
_rbt_login_message
和 sessionid
可能是 HTTP-only cookie,这意味着它们只能被服务器读取当它处理页面请求时,而不是通过任何客户端 JavaScript 代码.
_rbt_login_message
and sessionid
are likely HTTP-only cookies, meaning they can be read only by the server when it's handling a page request, and not by any client-side JavaScript code.
这通常用于会话识别 cookie,因为您(作为开发人员)不希望客户端代码(可以相对容易地被恶意第三方注入)能够窃取一个会话的用户.
This is usually done for session identifying cookies, since you (as a developer) don't want client-side code (which can be injected by a malicious third-party relatively easily) to be able to steal the session of one of your users.
这篇关于document.cookie 没有返回所有的 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!