
Difference between revisions of "Cookies/Flags/HttpOnly"

From NetSec

Latest revision as of 07:39, 19 July 2012

This flag indicates that a cookie can't be accessed through means other than HTTP transmission. That is, no JavaScript, Flash, or any other client-run technique can access this cookie; it is not to be accessed by the client directly.

This flag protects the cookie from being stolen through cross-site scripting (as could be done to steal a session).
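The following added example (not part of the original page) parses `Set-Cookie` header values, models which cookies a page script could read, and lists session-like cookies that lack the flag. The function names, the sample headers and the `sess|auth|token` name pattern are assumptions made for illustration.

```javascript
// Constructed sample Set-Cookie values (not taken from any real site).
const SAMPLE_SET_COOKIE = [
  "SESSIONID=3f9a1c; Path=/; Secure; HttpOnly",
  "auth_token=77aa; Path=/; Secure",   // session-like cookie without the flag
  "theme=dark; Path=/; httponly",      // attribute names are case-insensitive
  "HttpOnly=1; Path=/",                // a cookie *named* HttpOnly is not the flag
];

// Parse one Set-Cookie value into { name, value, attrs }.
function parseSetCookie(header) {
  const [first = "", ...rest] = header.split(";").map((p) => p.trim());
  const eq = first.indexOf("=");
  const name = eq === -1 ? "" : first.slice(0, eq).trim();
  const value = eq === -1 ? first : first.slice(eq + 1).trim();
  const attrs = {};
  for (const p of rest.filter(Boolean)) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// The flag is an attribute after the first name=value pair, never the pair itself.
function isHttpOnly(cookie) {
  return Object.prototype.hasOwnProperty.call(cookie.attrs, "httponly");
}

// Model of what a page script would read from document.cookie:
// HttpOnly cookies are left out, although they still travel over HTTP.
function scriptVisible(headers) {
  return headers.map(parseSetCookie).filter((c) => !isHttpOnly(c))
    .map((c) => `${c.name}=${c.value}`).join("; ");
}

// Audit: names of session-like cookies that client-side script could read.
// The name pattern is an assumption; adjust it to the application's cookies.
function missingHttpOnly(headers, sensitive = /sess|auth|token/i) {
  return headers.map(parseSetCookie)
    .filter((c) => sensitive.test(c.name) && !isHttpOnly(c))
    .map((c) => c.name);
}

console.log("script-visible:", scriptVisible(SAMPLE_SET_COOKIE));
console.log("missing HttpOnly:", missingHttpOnly(SAMPLE_SET_COOKIE));
```

The model ignores `Path`, `Domain` and expiry matching; it only shows the effect of the flag itself.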