Top "Httponly" questions

HttpOnly is a flag in the cookie header to hide data from JavaScript

How do you configure HttpOnly cookies in tomcat / java webapps?

After reading Jeff's blog post on Protecting Your Cookies: HttpOnly. I'd like to implement HttpOnly cookies in my web application. …

Read More
java security cookies xss httponly
How do you set up use HttpOnly cookies in PHP

How can I set the cookies in my PHP apps as HttpOnly cookies?

Read More
php security cookies xss httponly
How exactly do you configure httpOnlyCookies in ASP.NET?

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly" How do you set this property? Somewhere in the web config?

Read More
asp.net cookies xss httponly
Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd

I'm running Apache 2.2.26: Server version: Apache/2.2.26 (Unix) Server built: Jan 17 2014 12:24:49 Cpanel::Easy::Apache v3.22.30 rev9999 +cloudlinux I'm attempting to use …

Read More
.htaccess security cookies httponly mod-headers
How do HttpOnly cookies work with AJAX requests?

JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly …

Read More
ajax cookies httponly
how to set httponly and session cookie for java web application

I am working on an XSS (cross site scripting) issue. My application runs on an Oracle Weblogic portal. We use …

Read More
java security xss httponly
Chrome developer tools > resources > cookies > http column, does a checkmark here indicate HttpOnly cookie?

Does the checkmark at the Http column of Chrome devtool's Cookie resource panel indicate a HttpOnly cookie? I can't find …

Read More
google-chrome cookies google-chrome-devtools httponly
Secure and HttpOnly flags for session cookie Websphere 7

In Servlet 3.0 complaint application servers I can set the HttpOnly and secure flags for the session cookie (JSESSIONID) by adding …

Read More
servlets cookies websphere-7 httponly
Setting HTTPONLY for Classic Asp Session Cookie

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been …

Read More
asp-classic httponly session-cookies
how do I test httpOnly cookie flag

I have set the following property in websphere for the jsession cookie com.ibm.ws.webcontainer.HTTPOnlyCookies. Any idea how …

Read More
websphere session-cookies httponly