.net 获取浏览器Cookie(包括HttpOnly)实例分享
对于获取浏览器Cookie,我们需要了解浏览器的机制。浏览器的Cookie可以通过JavaScript代码进行读取,但是有些Cookie被设置为HttpOnly属性,此时JavaScript将无法读取该Cookie。因此我们需要通过服务端代码获取HttpOnly的Cookie。
在.NET中,我们可以通过以下步骤获取浏览器的Cookie,包括HttpOnly:
1.发送请求时将Cookie保存到CookieContainer
在发送请求时我们可以通过HttpWebRequest和HttpWebResponse类来处理请求和响应。其中,我们可以新建一个CookieContainer实例来保存Cookie。我们可以使用CookieContainer.Add()方法将Cookie添加到容器中。
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://example.com");
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
CookieContainer cookieContainer = new CookieContainer();
cookieContainer.Add(response.Cookies); //将响应中的Cookie保存到容器中
2.在下次请求时将Cookie从CookieContainer中读取
在下一次请求时,我们可以使用保存Cookie的CookieContainer实例向服务器发送请求并从响应中获取Cookie。
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://example.com");
request.CookieContainer = cookieContainer; //设置请求的CookieContainer为上一步中保存Cookie的容器
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
同时,如果想要获取HttpOnly的Cookie,我们可以使用Reflection API的相关方法。
示例1:获取HttpOnly的Cookie
private static CookieCollection GetAllCookiesFromHeader(string header, string domain)
{
CookieCollection cookies = new CookieCollection();
Regex cookieRegex = new Regex(@"(?<cookie>\S+);?\s+HttpOnly");
Match cookieMatch = cookieRegex.Match(header);
while (cookieMatch.Success)
{
Cookie cookie = new Cookie();
cookie.Domain = domain;
string rawCookie = cookieMatch.Groups["cookie"].Value;
cookie.Name = rawCookie.Substring(0, rawCookie.IndexOf('=')).Trim();
cookie.Value = rawCookie.Substring(rawCookie.IndexOf('=') + 1).Trim();
cookies.Add(cookie);
cookieMatch = cookieMatch.NextMatch();
}
return cookies;
}
示例2:使用HttpWebRequest和Reflection API获取HttpOnly的Cookie
public static CookieCollection GetCookies(string url)
{
var req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "GET";
CookieContainer container = new CookieContainer();
req.CookieContainer = container;
var res = (HttpWebResponse)req.GetResponse();
res.Close();
var cookies = GetAllCookies(container);
return cookies;
}
private static CookieCollection GetAllCookies(CookieContainer container)
{
var allCookies = new CookieCollection();
Hashtable table = (Hashtable)container.GetType().InvokeMember("m_domainTable", BindingFlags.NonPublic | BindingFlags.GetField | BindingFlags.Instance, null, container, new object[] { });
foreach (var key in table.Keys)
{
Uri uri = null;
var strkey = key.ToString();
if (strkey.StartsWith("."))
{
strkey = strkey.Substring(1);
}
string url = $"http://{strkey}/";
if (Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out uri))
{
var lstCookies = (SortedList)table[key].GetType().InvokeMember("m_list", BindingFlags.NonPublic | BindingFlags.GetField | BindingFlags.Instance, null, table[key], new object[] { });
foreach (CookieCollection colCookies in lstCookies)
{
allCookies.Add(colCookies);
}
}
}
return allCookies;
}
通过上述方法,我们可以获取到浏览器中的Cookie,包括HttpOnly的Cookie。