A very good and funny writeup on fighting XSS attacks with HttpOnly cookies. I prefer to set session.cookie_httponly = 1 right in the server's php.ini file (for PHP projects). If a project depends on JavaScript access to cookies, then fix the project and not the other way around.
Recent comments
1 year 46 weeks ago
3 years 15 weeks ago
3 years 15 weeks ago
3 years 17 weeks ago
3 years 18 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 26 weeks ago