<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: Re: Reviewing security parameters

Re: Reviewing security parameters

From: Matt Summers <matt_at_pd9soft.com>
Date: Fri, 16 Apr 2004 17:31:20 -0500

You add this attribute to the cookie in the HTTP response header.
http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp

Mozilla has plans to follow suit.
http://bugzilla.mozilla.org/show_bug.cgi?id=178993

Jared wrote:

> On Apr 16, 2004, at 3:01 PM, V. Poddubniy wrote:
>
>> Don't forget to set cookie as HttpOnly (this is useful at least for
>> users of IE 6 SP1). This will tell browser not to tell on-page scrips
>> (javascript, etc.) the cookie.
>
>
> how does one do this? I was under the impression that you could
> set a cookie to only be sent via HTTPS/SSL, but not with any other
> restrictions.
>
> Is this a feature that is unique to a particular web application
> environment, i.e. ASP.Net, PHP, JSP?
>
> cheers,
>
> - Jared
>
>
Received on Apr 16 2004

This message: [ Message body ]
Next message: Simon Lemieux: "Follow-up: Reviewing security parameters"
Previous message: Jared: "Re: Reviewing security parameters"
In reply to: Jared: "Re: Reviewing security parameters"
Next in thread: exon: "Re: Reviewing security parameters"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]