Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions tagged [cookie-httponly]
129 questions
0
votes
1 answer
Defining cookie as secure and httponly in web config (Classic ASP, IIS 6.0).
I need to declare all ASP cookies as secure and httponly. The code is in Classic ASP and IIS ver is 6.0.
The cookie has been defined as…
0
votes
1 answer
Changes in Java 6 update 71 regarding httpOnly = true
We have observed the httpOnly attribute has some changes in java 6 Update 71, due to which my JSessionIDSSO cookie has the attribute httpOnly as true.
just need to check , has anyone faced the same issue ?
Now my JNLP application which uses…
gusainhimanshu
- 157
- 1
- 11
0
votes
1 answer
Set HttpOnly attribute of a cookie as "True" using javascript
I have a function in Javascript which sets a cookie like this:
document.cookie = "name='Name'" + ";EXPIRES=sometime" + ";PATH=$PATH" + ";DOMAIN=domain" + ";SECURE=''";
I want to set the HttpOnly attribute of the cookie as TRUE.
How do I do that in…
Krishnachandra Sharma
- 1,310
- 2
- 18
- 40
0
votes
1 answer
Using httpOnly cookies for device registration
I have a mobile website where, as part of my security measures, I want users to "register" their device, so I can limit the number of devices that users can have accessing the site. My thought was, for a "new" device, put them through a two-factor…
Danny Ackerman
- 799
- 1
- 8
- 22
0
votes
1 answer
Unable to get the session id from HTTP cookie in CookieContainer WP8 application
Preface:
I'm writing a windows phone 8 application, and one of my modules is responsible for communication over a remote server.
I'm using GET and POST methods using HttpWebRequest and HttpWebRequest.
I was also surprised to found out, that HTTP…
Erez
- 195
- 2
- 12
0
votes
1 answer
turning on https flag for cookie
So I am using this legacy application which is in php 4.
I am trying to set the httponly flag and secure flag on.
This is my code:
header( "Set-Cookie:". $cookieName."=".$sessId."; expires=".$expireSeconds."; sessionID=".$sessId.";path=".$path.";…
Micheal
- 2,132
- 8
- 44
- 86
-1
votes
1 answer
Unable to validate Antiforgery token when cookie is set to httponly
When i set the value of httponly=true. AutoValidateAntiforgeryTokenAttribute doesnot validate the request and return 400 bad request
AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(context);
…
malik rizwan
- 82
- 7
-1
votes
1 answer
Http-only flag not working on tomcat 6 and servlet 2.5
I want to make my cookie secure and http request only. I've seen many post like this and seem to work fine, but using configuration files and servlet +2.5. What I basically want to do is to set my cookie http only and (if possible) ssl only as well.…
-1
votes
1 answer
Setting cookie_httponly in zend framework doesn't work
I want to enable httponly cookies in my zend based application. In order to do so, I added below line in application.config.php
'cookie_httponly' => true
to existing session_config array and it looks like below
'session_config' => [
// Set the…
Tanu Jain
- 1
- 2