Hi, I know this has been asked before but I needed some clarification and confirmation. I've been told when creating cookies, to use httponly to prevent XSS. So my clarification is if I use httponly, will my php scripts accessed via ajax request still be able to determine my active php session (default: phpssessid) and retrieve my $_SE...
Iam when I submitting a request from a browser im setting a cookie in the response object using this code pResponse.setHeader(SET-COOKIE, token=randomvalue; HttpOnly; secure) but when this request is submitted and in the target page when i try to get this cookie using the pRequest.getCookieParameter("token") I am getting null. In this ca...
Is there a way to check if the cookie is httponly in php? ...
If my application places HttpOnly cookies on a client and then needs to remove them how can you remove them completely? ...
Hello A web site was developed and deployed to client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question: Is Cookie available after setting flag in JavaScript? or maybe some restriction when I am using JavaScript? or do I need to make some changes in existing JavaScript? ...