• Resolved mintasia2023

    (@mintasia2023)


    How can we add this HTTPOnly attribute to the URL below?
    150121 Session Cookie (Authentication Related) Does Not Contain The
    “HTTPOnly” Attribute

    Cookies without the “HTTPOnly” attribute are permitted to be accessed
    via JavaScript. Cross-site scripting attacks can steal session
    cookies, which could lead to user impersonation or compromise of the
    application account.

Viewing 1 replies (of 1 total)
  • Plugin Author Bob

    (@prasunsen)

    You can’t and you shouldn’t. Watu’s cookies must be accessible via JavaScript and should not be HTTPOnly. There is no sensitive information in them so please ignore so-called security reports or experts or whatever is advising you that the cookie should have this attribute.
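
For triaging a scanner finding like 150121, the following added example (not part of the thread and not the plugin's code) lists which cookies a response sets without HttpOnly and whether each one looks authentication-related. The name patterns and the cookie name `example_quiz_state` are assumptions for illustration; the sample headers are constructed.

```javascript
// Added example: triage Set-Cookie headers for a missing HttpOnly attribute.
// Name patterns treated as authentication-related (assumption: WordPress's
// login cookie prefixes and PHP's default session name; extend for your site).
const AUTH_COOKIE_PATTERNS = [/^wordpress_logged_in_/, /^wordpress_sec_/, /^PHPSESSID$/];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: malformed, skip
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1), attrs };
}

// Return one finding per cookie. Only an authentication-related cookie that
// page script can read (no HttpOnly) is marked actionable.
function auditCookies(setCookieHeaders, authPatterns = AUTH_COOKIE_PATTERNS) {
  const findings = [];
  for (const h of setCookieHeaders) {
    const c = parseSetCookie(h);
    if (!c) continue;
    const httpOnly = c.attrs.has('httponly');
    const authRelated = authPatterns.some((re) => re.test(c.name));
    findings.push({
      name: c.name,
      httpOnly,
      secure: c.attrs.has('secure'),
      authRelated,
      actionable: authRelated && !httpOnly,
    });
  }
  return findings;
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = [
  'wordpress_logged_in_0123abcd=alice%7C1700000000%7Ctoken; Path=/; Secure; HttpOnly',
  'example_quiz_state=q3; Path=/', // hypothetical non-auth cookie read by page script
  'PHPSESSID=deadbeef; path=/; secure',
];

console.table(auditCookies(SAMPLE_HEADERS));
```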

  • The topic ‘httponly cookie’ is closed to new replies.