use*_*596 5 c++ iis cookies winapi isapi
我遇到了在ISAPI过滤器中设置多个cookie的问题.我想将HttpOnly标志添加到所有cookie中.
所以,在我的第一次尝试中,我分割了cookie值并添加了HttpOnly标志,然后我将它们组合成一个字符串,最后调用pResponse->SetHeader(pfc, "Set-Cookie:", szNewValue),浏览器只获得第一个cookie值.
第一次尝试代码:
cbValue = sizeof(szValue) / sizeof(szValue[0]);
if (pResponse->GetHeader(pfc, "Set-Cookie:", szValue, &cbValue))
{
char szNewValue[MAX_URI_SIZE] = "";
char* token = NULL;
char* context = NULL;
char delim[] = ",";
// szValue format like
// "Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly,Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly"
// After first split
// token = "Language=en; expires=Sat"
// context = " 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly,Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly"
token = strtok_s(szValue, delim, &context);
while (token != NULL)
{
strcat_s(szNewValue, token);
if (NULL != context)
{
if (' ' != context[0] && !strstr(token, "HttpOnly"))
{
strcat_s(szNewValue, "; HttpOnly");
}
// context[0] = ' ' means it split the one whole cookie, not an entire cookie, we need append ","
// context[0] != '\0' means other cookies after, we need append delimiter ","
if (' ' == context[0] || '\0' != context[0])
{
strcat_s(szNewValue, ",");
}
}
// NULL, function just re-uses the context after the first read.
token = strtok_s(NULL, delim, &context);
}
if (!pResponse->SetHeader(pfc, "Set-Cookie:", szNewValue))
{
// Fail securely - send no cookie!
pResponse->SetHeader(pfc,"Set-Cookie:","");
}
在第二次尝试中,我拆分了cookie值,并pResponse->SetHeader(pfc, "Set-Cookie:", szNewValue)为每个cookie 调用,但浏览器在这种情况下只获取最后一个cookie.
第二次尝试代码:
cbValue = sizeof(szValue) / sizeof(szValue[0]);
if (pResponse->GetHeader(pfc, "Set-Cookie:", szValue, &cbValue))
{
char szNewValue[MAX_URI_SIZE] = "";
char* token = NULL;
char* context = NULL;
char delim[] = ",";
// szValue format like
// "Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly,Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly"
// After first split
// token = "Language=en; expires=Sat"
// context = " 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly,Language=en; expires=Sat, 15-Jul-2113 02:46:27 GMT; path=/; HttpOnly"
token = strtok_s(szValue, delim, &context);
while (token != NULL)
{
strcat_s(szNewValue, token);
if (NULL != context)
{
if (' ' != context[0] && !strstr(token, "HttpOnly"))
{
strcat_s(szNewValue, "; HttpOnly");
}
// context[0] = ' ' means it split the one whole cookie, not an entire cookie, we need append ","
// context[0] != '\0' means other cookies after, we need append delimiter ","
if (' ' == context[0])// || '\0' != context[0])
{
strcat_s(szNewValue, ",");
}
if (' ' != context[0])
{
pResponse->SetHeader(pfc, "Set-Cookie:", szNewValue);
strcpy(szNewValue, "");
}
}
// NULL, function just re-uses the context after the first read.
token = strtok_s(NULL, delim, &context);
}
我在IE10 + Win2008 R2中这样做.在这两种情况下,结果cookie字符串格式正确.有没有人对此有任何线索?
这个问题基本上存在,因为当你调用时GetHeader,你会收到一个以逗号分隔的字符串中的所有cookie.使用SetHeader方法将所有cookie设置回响应的最佳方法是什么?
小智 0
您的第一次尝试比第二次更好,因为您应该只设置标题一次。我认为你的字符串解析算法有点不对劲。我会尝试简化一些。首先将每个 cookie 的标头拆分为字符串。然后修改 cookie 以根据需要添加 http only 属性,然后将 cookie 组合回单个标头。