how do I test httpOnly cookie flag

前端 未结 4 2051
北海茫月
北海茫月 2021-02-18 21:18

I have set the following property in websphere for the jsession cookie com.ibm.ws.webcontainer.HTTPOnlyCookies.

Any idea how best to test this using Jav

相关标签:
4条回答
  • 2021-02-18 22:01

    add the following lines to your app String

    sessionid = request.getSession().getId();
    response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure; HttpOnly");
    
    0 讨论(0)
  • 2021-02-18 22:11

    It's a pain in IE. I have IE9 so your screens may be different.

    Press F12, go to the network tab, and then press Start Capturing. Back in IE then open the page you want to view. Back in the F12 window you show see all the individual HTTP requests, select the one that's the page or asset you're checking the cookies on and double click on it. You should then be able to see all the response headers and cookies on their relevant tabs.


    Edit:

    A HttpOnly Cookie would look something like this:

    Set-Cookie: SessionId=z5ymkk45aworjo2l31tlhqqv; path=/; HttpOnly

    The cookie may not be sent with every response, so you may need to clear all of your cookies and then try again to make sure one is sent with the request you're monitoring.

    0 讨论(0)
  • 2021-02-18 22:13

    firecookie for firefox gives me the answer.

    0 讨论(0)
  • 2021-02-18 22:23

    Firebug - click on the Cookies tab

    0 讨论(0)
提交回复
热议问题