Use the Chrome browser to open the Baidu website, and use the developer tools to inspect the cookies of the Baidu website. As shown in the following figure, there are 8 cookie items in total.
document.cookie API cookie 7 cookie cookie HTTP
cookie document.cookie API HTTP
If the HttpOnly attribute is set on a cookie (that is, the HTTP column you see is checked), the cookie cannot be read by a JS script, which can effectively prevent XSS attacks. (The principle of XSS is that an attacker submits malicious HTML code to a website with an XSS vulnerability, and this HTML code is executed automatically when other users browse the site, thus achieving the purpose of the attack: for example, stealing user cookies, destroying the page structure, or redirecting to other websites.)
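The following added example (not code from the original page) models the HttpOnly rule in Node.js: it parses `Set-Cookie` headers and returns what a page script would see through `document.cookie`. The eight header values and the function names are constructed for illustration, and the model ignores Path, Domain and expiry matching.

```javascript
// Constructed Set-Cookie response headers (sample values, not Baidu's real cookies).
const setCookieHeaders = [
  "SESSIONID=abc123; Path=/; Secure; HttpOnly",
  "theme=dark; Path=/",
  "lang=zh-CN; Path=/; Max-Age=86400",
  "uid=1001; Path=/",
  "pref=a=1&b=2; Path=/",
  "tz=8; Path=/",
  "ab_test=B; Path=/",
  "visited=1; Path=/",
];

// Parse one Set-Cookie header into name, value and a lowercased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1), // value may itself contain "="
    attrs: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive: HttpOnly, httponly, HTTPONLY all match.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Names of cookies that script can read, i.e. those without HttpOnly.
function scriptReadableCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => c.name);
}

// The string document.cookie would return: HttpOnly cookies are left out,
// although the browser still sends them with every HTTP request.
function scriptVisibleCookieString(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

console.log(scriptVisibleCookieString(setCookieHeaders));
```

Running `scriptReadableCookies` over a site's real response headers gives a quick list of cookies that an injected script could read; any session identifier appearing in that list should be reissued with HttpOnly.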