Cookie without httpOnly how insecure it is?


0 votes
asked Mar 14, 2016 by Havlicek (730 points)
I am trying this library for the first time and have no clue for solving this

5 Answers

0 votes
answered May 30, 2016 by VI4712 (950 points)
selected Jun 1, 2016 by fgn_Ault
 
Best answer
This option can be used to prevent cookie theft through connection eavesdropping.
commented Jun 1, 2016 by works (230 points)
Applying this change will make it so that when you double click on a
commented Jun 1, 2016 by fgn_Ault (670 points)
The details are here
0 votes
answered May 12, 2016 by Apphave (360 points)

Once the expiration date has exceeded, the browser will delete the cookie. If the domain and path match, then the cookie will be sent in the request. In this case the cookie would be sent to all requests for app. For example, if a cookie is set by an application at app.
0 votes
answered May 31, 2016 by ncc6749 (590 points)

ASPXAUTH cookie but not for the cookie we created by code. But the extent of this is purely the auth cookie, nothing more. ASPXAUTH cookie and after correctly configuring the web.
The mitigation for this within a forms authentication website in ASP.
commented May 31, 2016 by Bridendolph (500 points)
So how does the browser know which CAs to trust certificates from
commented Jun 1, 2016 by vGritz (140 points)
Sorry for the remake but is the first time i answer
commented Jun 2, 2016 by Risto_4206 (100 points)
I have another solution that makes this possible. You could also have it as
0 votes
answered Jun 1, 2016 by Gev_9490 (190 points)
I'd suggest the process followed in this article How to Force Secure and HttpOnly Cookie Options for ...
0 votes
answered Jun 1, 2016 by Into_Padon (1,810 points)
I know that this is a very old question
To get the complete picture, please use the below link, http://www.hpenterprisesecurity.com/vulncat/en/vulncat/php/cookie_security_httponly_not_set_on_session_cookie.html

What is Geekub?

Q&A site for professional and enthusiast programmers, software developers and other technical users. With your help, we hope to work together to build a library of detailed answers to just about any question that is related to programming!







...