Cookie 中的secure和httponly屬性

軟體開發 · 發表 2018-11-13 21:01:38

摘要： Golang中net/http 的Cookie結構體： // A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an // HTTP response or the Cookie he...

Golang中net/http 的Cookie結構體：

// A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
// HTTP response or the Cookie header of an HTTP request.
//
// See https://tools.ietf.org/html/rfc6265 for details.
type Cookie struct {
Namestring
Value string

Pathstring// optional
Domainstring// optional
Expirestime.Time // optional
RawExpires string// for reading cookies only

// MaxAge=0 means no 'Max-Age' attribute specified.
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
// MaxAge>0 means Max-Age attribute present and given in seconds
MaxAgeint
Securebool
HttpOnly bool
SameSite SameSite
Rawstring
Unparsed []string // Raw text of unparsed attribute-value pairs
}

其中有Secure 和HttpOnly 兩個屬性，我們開啟結構體上附加的註釋，可以查閱到：

Secure
HttpOnly

ofollow,noindex" target="_blank">https://tools.ietf.org/html/rfc6265

Cookie 中的secure和httponly屬性

您可能也會喜歡…