Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

129 questions
0
votes
1 answer

'HttpOnly' should be added to 'auth' cookie

I've recently had a security audit on my website and was informed I need to apply 'HttpOnly' to my 'auth' cookie. I have no idea how to change this in the web.config file. The site is ASP.NET MVC. I'd appreciate it if someone could point me in the…
QBALL777
  • 15
  • 4
0
votes
1 answer

Insecure HTTP cookies

Morning, good people. I have a question related to HTTP cookies: is there a way or are there tools by which we can know whether our cookies have the flag(s) Secure, HttpOnly? Thank you
0
votes
2 answers

How to configure httponly and secure flag in .net core 2.0?

There is no error, but I am unable to configure the httponly status in the browser. Can you check my code, please? public void ConfigureServices(IServiceCollection services) { services.AddDistributedMemoryCache(); services.AddMvc(); …
Raju Pandey
  • 41
  • 1
  • 1
  • 2
0
votes
1 answer

create httpOnly cookie in Angular and Django

I am building an app using Django as the backend and Angular as the frontend. I understand that saving the authentication token in httpOnly cookies is the safest, great. The real question is how do I do that. I've been hearing around that I will need something…
phacic
  • 1,102
  • 1
  • 10
  • 18
0
votes
2 answers

SonarQube - Cookie not sent over SSL (CWE 614) (HttpOnly)

We're implementing SonarQube in our environment running behind an IIS proxy for HTTPS connection. After running a security scan on the application (HP Fortify), it came back with some cookie security issues, specifically as follows: Cookie Security:…
lapfrank
  • 11
  • 4
0
votes
1 answer

Django SESSION_COOKIE_HTTPONLY set but the HttpOnly flag does not show up on cookies

I've set this variable in the settings file like this: SESSION_COOKIE_HTTPONLY = True but when I open the website with Google Chrome HttpOnly does not show up in set-cookie. My webserver is Apache2.4, and the website is using Https protocol.
Navid777
  • 3,379
  • 7
  • 37
  • 62
0
votes
1 answer

Unable to login in same address when hit the REST service using java

I hit the REST URL https://db2adminpc1:9443/rest/bpm/wle/v1/search/query?organization=byInstance&run=true&shared=false&filterByCurrentUser=true using the HttpURLConnection class and I get the JSON data in an input stream. But in my requirement when I hit…
0
votes
1 answer

Missing HttpOnly Attribute for Session Identifier with HTTP protocol

Earlier I was getting HttpOnly for both HTTP/HTTPS protocols, but missing the Secure attribute. In order to add the "Secure" attribute, I added secure="true" in server.xml's Connector port syntax as below –
Jatin
  • 151
  • 2
  • 5
  • 16
0
votes
1 answer

Jboss 5.1 HttpOnly cookies, unable to log in to the system

I added the following line to my context.xml as discussed in this question, and now all my cookies were set to secure and httponly. But now when I logged in to the system it threw me out and said my session had expired. The system is running on 'Http' and is…
Sam
  • 2,005
  • 6
  • 30
  • 48
0
votes
1 answer

PHP normal cookies vs httponly cookies precedence in $_COOKIE

I've noticed that when I set up in a script two cookies with the same name/domain, but one using PHP setcookie, with the httponly flag enabled, and the other using JavaScript code, when I try to retrieve the cookie value with the use of the $_COOKIE var I…
0
votes
2 answers

Cookie vs token based authentication for SPA?

I'm building a Single Page App using AngularJS and Spring for the backend. For the purpose of making my backend stateless, I recently researched JWT (JSON Web Tokens). Now here's the confusion - a. Should I send my JWT on the response header to the client…
Ansh Agarwal
  • 171
  • 2
  • 11
0
votes
1 answer

Getting HttpOnly cookies. Returns only one when expecting multiple

I found a working solution to get HttpOnly cookies, however it only returns one cookie, while I expect multiple cookies. Can somebody tell me what I do wrong? private const Int32 InternetCookieHttponly = 0x2000; [DllImport("wininet.dll",…
user3763117
  • 317
  • 1
  • 5
  • 17
0
votes
1 answer

CakePHP cookies are not secure and not httponly

Cookies in my app are not secured and not http only, but they are configured exactly as in example on CakePHP Book 2.0 - Session Configuration. Configure::write('Session', array( 'defaults' => 'php', 'timeout' => 30, …
wewo
  • 662
  • 6
  • 16
0
votes
1 answer

Ajax call to a rest service behind an adfs

I am exposing some REST services through an MVC 4 (.NET) project. They are deployed behind an ADFS authentication server. Other applications that are behind the same ADFS are calling my services through ajax calls. The problem is that the calls are…
dor.elmaliach
  • 495
  • 4
  • 14
0
votes
1 answer

Is there a way to rewrite a cookie name in nginx?

I'm trying to log out the user by removing a cookie and redirecting him to the home page. Is it possible to do it without adding lua-nginx-module?