Questions about this topic? Sign up to ask in the talk tab.

Cookies/Flags/HttpOnly

From NetSec
Revision as of 06:39, 19 July 2012 by Chantal21I (Talk | contribs) (Created page with "This flag indicates that a cookie can't be accessed through means other than HTTP transmission. That is, no Javascript, Flash or whatever client-run technique can access this coo...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This flag indicates that a cookie can't be accessed through means other than HTTP transmission. That is, no Javascript, Flash or whatever client-run technique can access this cookie, i.e. it is not to be accessed by the client directly.

This flag protects the cookie from cross-site scripting attempts to steal the cookie (as could be done to steal a session).