Question
How does the browser differentiate whether a cookie was created client-side (JavaScript) or server-side (ASP.NET)? Is it possible to delete a cookie created on the server side from the client side, and vice versa? I'm struggling to delete a cookie that was created client-side using JavaScript in ASP.NET code-behind.
Answer 1:
> How does the browser differentiate whether a cookie is from the client side (JavaScript created) or server side created (ASP.NET)?
It doesn't. A cookie is a cookie.
The closest it comes is the HTTP Only flag, which allows a cookie to be hidden from JavaScript. (This provides a little defence against XSS cookie theft).
> Is it possible to delete a cookie created on the server side from the client side, and vice versa?
Yes. A cookie is a cookie. (Again, client side code can't touch an HTTP only cookie)
Answer 2:
As far as I know, it is possible if the HttpOnly property is not set (OWASP, Wikipedia).
In Chrome, for the cookies, there is a field, "Accessible by script", which indicates whether HttpOnly is set.
Source: https://stackoverflow.com/questions/10100940/how-to-identify-a-cookie-is-from-client-side-or-server-side
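
An added example (not part of the original question or answers): a simplified model of a browser cookie jar showing the behaviour the answers describe, one store shared by script-set and server-set cookies, with HttpOnly as the only distinction. The `CookieJar` class and its method names are hypothetical, the default path is assumed to be `/`, and the model goes slightly beyond the answers by keying cookies on name plus path, which is why a delete only takes effect when the path matches the one used at creation.

```javascript
// Simplified single-origin cookie jar (constructed model, not a browser API).
class CookieJar {
  constructor() { this.jar = new Map(); } // key: name + ";" + path

  // Parse "name=value; Attr; Attr=val" as used by Set-Cookie and document.cookie.
  static parse(str) {
    const [pair, ...attrs] = str.split(";").map(s => s.trim());
    const eq = pair.indexOf("=");
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                path: "/", httpOnly: false, expired: false }; // assumed default path
    for (const a of attrs) {
      const [k, v = ""] = a.split("=");
      const key = k.toLowerCase();
      if (key === "httponly") c.httpOnly = true;
      else if (key === "path") c.path = v;
      else if (key === "max-age") c.expired = Number(v) <= 0;
      else if (key === "expires") c.expired = Date.parse(v) <= Date.now();
    }
    return c;
  }

  store(c, viaScript) {
    const key = c.name + ";" + c.path;
    const old = this.jar.get(key);
    // Script can neither create HttpOnly cookies nor replace/delete existing ones.
    if (viaScript && (c.httpOnly || (old && old.httpOnly))) return false;
    // "Deleting" is just storing an already-expired cookie under the same key.
    if (c.expired) this.jar.delete(key); else this.jar.set(key, c);
    return true;
  }

  fromHttp(setCookie) { return this.store(CookieJar.parse(setCookie), false); }
  fromScript(assign)  { return this.store(CookieJar.parse(assign), true); }

  // What document.cookie would return: everything except HttpOnly cookies.
  scriptView() {
    return [...this.jar.values()].filter(c => !c.httpOnly)
      .map(c => `${c.name}=${c.value}`).join("; ");
  }
  // What the server would receive in the Cookie header: all cookies.
  httpView() {
    return [...this.jar.values()].map(c => `${c.name}=${c.value}`).join("; ");
  }
}
```

When a server-side delete of a script-created cookie appears to do nothing, compare the path on the expiring `Set-Cookie` with the path the script used when it created the cookie.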