http://blog.miniasp.com/post/2009/11/26/Using-HttpOnly-flag-to-avoid-XSS-attack.aspx
asp寫法
Response.AddHeader "Set-Cookie", "CookieName=CookieValue; path=/; HttpOnly"
也可以加上domain, expires,譬如
Response.AddHeader "Set-Cookie", "test=123; domain=localhost; expires="&GetGMT(now()+1)&"; path=/; HttpOnly"
function GetGMT(od)
'GMT格式: Tue, 23 Dec 2014 23:19:08 GMT
od=dateAdd("h",8,od)
aWeek=Array("","Sun","Mon","Tue","Wed","Thu","Fri","Sat")
aMonth=Array("","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
nd=aWeek(weekday(od)) &", "& day(od) &" "& aMonth(month(od)) &" "& year(od) &" "& right("00"&hour(od),2)&":"&right("00"&minute(od),2)&":"&right("00"&second(od),2)&" GMT"
GetGMT = nd
end function
留言列表