Questions tagged [httponly]

HttpOnly is a flag in the cookie header to hide data from JavaScript

HttpOnly is a flag in the cookie header, indicating that the browser should hide this cookie from JavaScript and only use it for HTTP and HTTPS requests.

Important Note

HttpOnly just makes exploiting XSS vulnerabilities a little more difficult. It does not provide protection against XSS.

241 questions
-2 votes, 1 answer

PHP session not working after setting secure httponly

Friends, I have a testing web server with Apache 2.2, with valid SSL certificate and PHP sessions are working fine on it. As part of security recommendations I have set Header set Set-Cookie HttpOnly;Secure entry in httpd.conf the sessions are not…
Sam