问题
Using Internet Options I can see all persistent cookies, and using Developer Tools I can see all JS-accessible session cookies. There does not seem to be a way to view HTTPOnly session cookies.
In Firefox there are many options, both built-in and with Firebug, to view cookies, including being able to see the request/response headers. Is there no way in IE8 to see HTTPOnly session cookies?
Related questions (no solutions for HttpOnly): IE7 IE8
回答1:
Check this out: http://blogs.msdn.com/b/jpsanders/archive/2009/06/04/understanding-the-new-wininet-flag-internet-cookie-httponly.aspx
There are a couple of new Cookie flags introduced with the Internet Explorer 8 WinInet.dll. The INTERNET_COOKIE_HTTPONLY flag allows you to read the HttpOnly cookies in your WinInet Code. This flag is documented here: http://msdn.microsoft.com/en-us/library/aa384714(VS.85).aspx.
and here's a way to build a tool and use this: http://www.codeproject.com/Articles/38616/Retrieve-HttpOnly-Session-Cookie-in-WebBrowser
Off the IE8 shelf not sure I see a way to retrieve HTTPOnlyCookies, since the dev tools seems to show only non HTTPOnly cookies. If you want to use a tool, use Fiddler2 and set response type to HTTPOnly.
来源:https://stackoverflow.com/questions/11935211/view-httponly-session-cookies-in-internet-explorer