HttpOnly flag not set

  • Resolved Josh Bedford

    (@joshbedford)


    2 years, 9 months ago

    Hi there,

    I’ve noticed the cookie set for anti-bot is lacking an HttpOnly flag. Could you confirm whether this is intentional or something that is to be corrected in an upcoming update? I guess it may be intentional due to the way the JS presumably needs to be read for anti-bot to function, but just looking for confirmation please so we can allay any worries from clients.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Your assumptions are correct. Setting those cookies without the HttpOnly flag is quite normal because 1) the cookies hold random values not linked to a user and 2) are not used for authenticating users. No corrections are needed.

    Thread Starter Josh Bedford

    (@joshbedford)

    Hi @gioni, that’s great – thanks for confirming!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘HttpOnly flag not set’ is closed to new replies.

Tags