
代码没有报错,但我无法让 HttpOnly 状态在浏览器中生效。你能帮我检查一下代码吗?

/// <summary>
/// Registers the in-memory distributed cache, MVC and session services, and
/// fixes the attributes of the session cookie.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddDistributedMemoryCache();
    services.AddMvc();

    services.AddSession(session =>
    {
        // Idle time after which the session is abandoned.
        session.IdleTimeout = TimeSpan.FromMinutes(20);

        // Session cookie attributes: not readable from page script, never sent
        // on cross-site requests, and marked Secure on every response.
        // NOTE(review): the session cookie is only issued once something is
        // written to the session, and a Secure cookie is not kept by the browser
        // on a plain-HTTP origin -- check both before concluding that HttpOnly
        // is not being applied.
        var cookie = session.Cookie;
        cookie.HttpOnly = true;
        cookie.SameSite = SameSiteMode.Strict;
        cookie.SecurePolicy = CookieSecurePolicy.Always;
    });
}
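 /// <summary>
 /// Builds the request pipeline: cookie policy, then session, then static files.
 /// </summary>
 /// <param name="app">Pipeline builder the middleware is added to.</param>
 /// <param name="env">Hosting environment; not used by this method.</param>
 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
 {
     // The cookie policy middleware is order-sensitive: it is documented to
     // apply to the components registered after it, so it has to come before
     // anything that writes cookies (here the session middleware).
     app.UseCookiePolicy(new CookiePolicyOptions
     {
         // Force HttpOnly and Secure onto every cookie that passes through.
         HttpOnly = HttpOnlyPolicy.Always,
         Secure = CookieSecurePolicy.Always,
         // None sets no SameSite floor: each cookie keeps whatever SameSite
         // value it was created with, so a cookie that does not set one itself
         // is not tightened here.
         // NOTE(review): raise this unless a cross-site flow needs it.
         MinimumSameSitePolicy = SameSiteMode.None
     });

     app.UseSession();
     app.UseStaticFiles();
 }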

2 回答 2


根据文档,您可以通过 IApplicationBuilder.UseCookiePolicy() 来配置 HttpOnly:

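/// <summary>
/// Builds the request pipeline with a cookie policy that forces HttpOnly on
/// every cookie written by the middleware registered after it.
/// </summary>
/// <param name="app">Pipeline builder the middleware is added to.</param>
/// <param name="env">Hosting environment; not used by this method.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    /*..*/

    // Registered ahead of the cookie writers: the cookie policy middleware is
    // order-sensitive and is documented to apply to components added after it.
    app.UseCookiePolicy(new CookiePolicyOptions
    {
        HttpOnly = HttpOnlyPolicy.Always
    });

    app.UseStaticFiles();
    app.UseSession();
}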
于 2018-03-19T12:19:50.967 回答

在 ASP.NET Core 2.X 中,您可以使用以下代码:

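/// <summary>
/// Registers cookie authentication and sets the HttpOnly attribute of the
/// authentication cookie through the cookie builder.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
    services.AddAuthentication(
        options =>
        {
            // Authentication options elided in the original answer.
        }).AddCookie(opts =>
        {
            // The authentication cookie is a bearer credential. HttpOnly keeps
            // it out of reach of page script, which limits what an injected
            // script can take. The answer as posted set this to false, which
            // is the opposite of what the question asks for.
            opts.Cookie.HttpOnly = true;
        });
}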

 /// <summary>
 /// Adds the authentication middleware to the request pipeline.
 /// </summary>
 /// <param name="app">Pipeline builder the middleware is added to.</param>
 public void Configure(IApplicationBuilder app) => app.UseAuthentication();

请注意,这与 ASP.NET Core 1.X 中的做法不同。

于 2018-08-13T21:16:05.367 回答