问题
I have set the following property in websphere for the jsession cookie
com.ibm.ws.webcontainer.HTTPOnlyCookies.
Any idea how best to test this using JavaScript in Firefox or IE?
回答1:
It's a pain in IE. I have IE9 so your screens may be different.
Press F12, go to the network tab, and then press Start Capturing. Back in IE then open the page you want to view. Back in the F12 window you show see all the individual HTTP requests, select the one that's the page or asset you're checking the cookies on and double click on it. You should then be able to see all the response headers and cookies on their relevant tabs.
Edit:
A HttpOnly Cookie would look something like this:
Set-Cookie: SessionId=z5ymkk45aworjo2l31tlhqqv; path=/; HttpOnly
The cookie may not be sent with every response, so you may need to clear all of your cookies and then try again to make sure one is sent with the request you're monitoring.
回答2:
Firebug - click on the Cookies tab
回答3:
firecookie for firefox gives me the answer.
回答4:
add the following lines to your app String
sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure; HttpOnly");
来源:https://stackoverflow.com/questions/4316539/how-do-i-test-httponly-cookie-flag