
Cookies/Flags/HttpOnly

From NetSec
Revision as of 07:39, 19 July 2012 by Chantal21I (Created page)


The HttpOnly flag tells the browser that a cookie may only be used in HTTP transmission: no JavaScript, Flash or other client-side technique can read it, so the client never accesses the cookie directly.

The flag therefore protects the cookie from cross-site scripting attempts to steal it (as could otherwise be done to steal a session).
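As an added example (not part of the original NetSec page), the following Python shows a server setting a session cookie with HttpOnly via the standard library's http.cookies, plus a small audit routine that reports which Set-Cookie headers in a response lack the flag. The cookie names and header values are constructed for illustration.

```python
from http.cookies import SimpleCookie


def build_session_cookie(name, value, max_age=3600):
    """Return a Set-Cookie header value for a session cookie.

    HttpOnly keeps the cookie out of reach of client-side script;
    Secure and Path are set alongside it as sensible defaults.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["httponly"] = True
    cookie[name]["secure"] = True
    cookie[name]["path"] = "/"
    cookie[name]["max-age"] = max_age
    return cookie[name].OutputString()


def audit_set_cookie_headers(headers):
    """Return the names of cookies whose Set-Cookie line lacks HttpOnly.

    `headers` is a list of raw Set-Cookie header values as seen in a
    response. Attribute names are compared case-insensitively, since
    browsers accept "httponly" and "HttpOnly" alike.
    """
    missing = []
    for header in headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    # Constructed sample response headers: one protected, one not.
    sample_headers = [
        build_session_cookie("sid", "abc123"),
        "tracking=xyz; Path=/; Secure",
    ]
    print(sample_headers[0])
    print("cookies without HttpOnly:", audit_set_cookie_headers(sample_headers))
```

A cookie that client-side code must legitimately read (for example, one deliberately exposed to script) will show up in the audit output; the point is that session identifiers should not.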