A very good and funny writeup on fighting XSS attacks with HttpOnly cookies. I prefer to set session.cookie_httponly = 1 right in the server's php.ini file (for PHP projects). If a project depends on JavaScript access to cookies, then fix the project and not the other way around.
Recent comments
1 year 42 weeks ago
3 years 11 weeks ago
3 years 11 weeks ago
3 years 13 weeks ago
3 years 14 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago