Top "Httponly" questions

Setting httponly in JSESSIONID cookie (Java EE 5)

I'm trying to set the httponly flag on the JSESSIONID cookie. I'm working in Java EE 5, however, and can't use …

java servlets cookies httponly jsessionid

How do I set the HttpOnly flag of a cookie with javascript?

I'm trying to create a cookie, with the HttpOnly flag enabled. While there seems to be a plethora of resources …

javascript cookies httponly

How exactly do you configure httpOnly Cookies in ASP Classic?

I'm looking to implement httpOnly in my legacy ASP classic sites. Anyone knows how to do it?

security asp-classic httponly

Check if httponly cookie exists in Javascript

As the question says can you find out if a cookie exists within Javascript if it is a HttpOnly? I …

javascript cookies httponly

Setting 'HttpOnly' and 'Secure' in web.xml

I need to have the 'HttpOnly' and 'Secure' attributes set to 'true' to prevent the CWE-614: Sensitive Cookie in HTTPS …

security session cookies web.xml httponly

Which browsers do support HttpOnly cookies?

Which browsers do support HttpOnly cookies, and since which version? Please see http://www.codinghorror.com/blog/archives/001167.html for …

security browser cookies xss httponly

Turn off HttpOnly Spring boot

I would like to turn off HttpOnly sessions which I believe are default for Spring Boot. How would I turn …

java spring spring-boot httponly

Tomcat 7 sessionid cookie disable http-only and secure

I have a web application which is running on a Tomcat 7 server. The cookie with session id has by default …

cookies tomcat7 session-cookies httponly cookie-httponly

ASP.NET HttpOnly cookie in web.config not working

From everything I've read online, a web.config like this should enable HttpOnly cookies, in ASP.NET 2.0. However this is …

asp.net cookies httponly cookie-httponly

Django CSRF cookie HttpOnly

Is it possible to set the django csrf cookie to be http-only? Alike to SESSION_COOKIE_HTTPONLY with session cookie, …

django csrf httponly