WebApp Sec mailing list archives

Re: Reviewing security parameters
From: Matt Summers <matt () pd9soft com>
Date: Fri, 16 Apr 2004 17:31:20 -0500

You add this attribute to the cookie in the HTTP response header.

Mozilla has plans to follow suit.

Jared wrote:

On Apr 16, 2004, at 3:01 PM, V. Poddubniy wrote:

Don't forget to set the cookie as HttpOnly (this is useful at least for
users of IE 6 SP1). This will tell the browser not to tell on-page scripts
(javascript, etc.) the cookie.

How does one do this? I was under the impression that you could set a cookie to only be sent via HTTPS/SSL, but not with any other restrictions.

Is this a feature that is unique to a particular web application environment, i.e. ASP.Net, PHP, JSP?


- Jared
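
Added example, not part of the original thread: since HttpOnly is an attribute on the Set-Cookie response header rather than a feature of one server environment, it can be checked from the raw header lines. The cookie names, the "sensitive" list and the sample header lines are constructed for illustration.

```python
# Audit Set-Cookie response headers for the HttpOnly and Secure attributes.
# SAMPLE_HEADERS is constructed sample data, not taken from the thread.

SAMPLE_HEADERS = [
    "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly",
    "Set-Cookie: SESSIONID=abc123; Path=/; Secure",
    "Set-Cookie: theme=dark; Path=/",
    "Set-Cookie: token=xyz; path=/; httponly",
    "Content-Type: text/html",
]

def parse_set_cookie(line):
    """Return (cookie_name, set of lower-cased attribute names) or None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attribute names are case-insensitive, so compare in lower case.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(lines, sensitive=("sessionid", "token")):
    """List (cookie, missing attribute) for cookies treated as sensitive.

    The 'sensitive' names are an assumption made for this example.
    """
    findings = []
    for line in lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if name.lower() not in sensitive:
            continue
        for required in ("httponly", "secure"):
            if required not in attrs:
                findings.append((name, required))
    return findings

def with_httponly(header_value):
    """Append HttpOnly to a Set-Cookie value unless it is already present."""
    _, attrs = parse_set_cookie("Set-Cookie: " + header_value)
    return header_value if "httponly" in attrs else header_value + "; HttpOnly"

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_HEADERS):
        print(f"{name}: missing {missing}")
```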
