Without looking over the shoulder of a developer, how can I tell if HttpOnly is set properly from the front end of my web application?

+1  A: 

The fastest way, I've found so far is to use the Watcher extension for Fiddler 2, as you browse through various sections of your site.

Keep in mind that Watcher is a passive tool - it does not generate any requests against the web/application server. In order to use Watcher effectively, you should at least execute the bare minimum of test cases in your application, especially in those areas where cookies are created.

Vineet Reynolds
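The passive check the answer describes can also be scripted: feed the `Set-Cookie` headers you captured in a proxy (Fiddler or any other) to a small parser and report which cookies are missing the flag. This is an added example, not code from the answer or from Watcher; the sample headers are constructed and the function names are mine.

```python
# Added example: audit captured Set-Cookie headers for missing HttpOnly (and Secure).
# Cookie attribute names are case-insensitive per RFC 6265, so compare lower-cased.
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header into its name/value and a lower-cased attribute map."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        # Flag attributes such as HttpOnly and Secure carry no value; record them as True.
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookies(set_cookie_headers: List[str]) -> List[str]:
    """Return one finding per cookie that lacks HttpOnly or Secure; empty list means all pass."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        attrs = cookie["attrs"]
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings.append(f"{cookie['name']}: missing {', '.join(missing)}")
    return findings


# Constructed sample: headers as a proxy might capture them from a login response.
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "auth=token; Path=/; Secure; httponly; SameSite=Lax",
    "prefs=dark; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(finding)
```

As a complementary front-end tell, a cookie that carries HttpOnly will not appear in `document.cookie` in the browser console, though its absence there alone does not prove the flag was set on that response.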