Cookie without httpOnly how insecure it is for Javascript


0 votes
asked Mar 14, 2016 by guv4844 (340 points)
Any help will be useful

5 Answers

0 votes
answered May 9, 2016 by Obvious (140 points)

Once the expiration date has been exceeded, the browser will delete the cookie. If the domain and path match, then the cookie will be sent in the request. In this case the cookie would be sent to all requests for app. For example, if a cookie is set by an application at app.
commented May 9, 2016 by prasom (620 points)
So how does the browser know which CAs to trust certificates from?
commented May 10, 2016 by gbBuren (680 points)
TLS is Transport Layer Security and the successor to SSL
commented May 11, 2016 by gun_2270 (640 points)
Referred to this video
0 votes
answered May 26, 2016 by Scarpe (220 points)
This option can be used to prevent cookie theft through connection eavesdropping.
commented May 28, 2016 by Ohg_let (290 points)
I programmed this problem in my own project this way
0 votes
answered May 26, 2016 by Couldnt (210 points)

ASPXAUTH cookie but not for the cookie we created by code. But the extent of this is purely the auth cookie, nothing more. ASPXAUTH cookie and after correctly configuring the web.
The mitigation for this within a forms authentication website in ASP.
0 votes
answered Jun 1, 2016 by PledgerA (530 points)
I have looked at the doc Testing for cookies attributes (OTG-SESS-002) - OWASP but didn't find anything
