Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Reviewing security parameters
From: Jared <jared () geek-boy com>
Date: Fri, 16 Apr 2004 17:34:29 -0400

On Apr 16, 2004, at 3:01 PM, V. Poddubniy wrote:

Don't forget to set cookie as HttpOnly (this is useful at least for
users of IE 6 SP1). This will tell browser not to tell on-page scrips
(javascript, etc.) the cookie.

how does one do this? I was under the impression that you could set a cookie to only be sent via HTTPS/SSL, but not with any other restrictions.

Is this a feature that is unique to a particular web application environment, i.e. ASP.Net, PHP, JSP?


- Jared

Happiness is a warm laptop.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]