Protecting Your Cookies: HttpOnly
Fri, 2012.11.23 - 18:10 — müzso
A very good and funny writeup on fighting XSS attacks with HttpOnly cookies. I prefer to set 
session.cookie_httponly = 1 right in the server's php.ini file (for PHP projects). If a project depends on JavaScript access to cookies, then fix the project and not the other way around.
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Recent comments
1 year 42 weeks ago
3 years 11 weeks ago
3 years 11 weeks ago
3 years 13 weeks ago
3 years 14 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago