mailing list archives
Re: Re: Cookie Security
From: ellukicq () icqmail com
Date: 30 Apr 2008 10:57:36 -0000
Thanks for the feedback so far everyone.
I'm getting plenty of comments regarding XSS
see that it is the method itself that is weak.
Is the suggested technique, on its own, fundamentally flawed? Thats my question.
I have also received a point in the direction of HTTPOnly cookies which sound promising for helping to secure the
method against XSS! Thanks Marco!
allowed to update/create HTTPOnly cookies?