“HTTP tylko cookie” Kod odpowiedzi

HTTP tylko cookie

- If the HttpOnly flag (optional) is included in the HTTP response header, 
the cookie cannot be accessed through client side script (again if the 
browser supports this flag). 
- As a result, even if a cross-site scripting (XSS) flaw exists, and a user 
accidentally accesses a link that exploits this flaw, the browser (primarily 
Internet Explorer) will not reveal the cookie to a third party.

- If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie,
the HttpOnly flag will be ignored by the browser, thus creating a traditional, 
script accessible cookie. 
- As a result, the cookie (typically your session cookie) 
becomes vulnerable to theft of modification by malicious script. "Mitigating".
Annoyed Antelope

httponly

Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT; Secure; HttpOnly
Average Anteater

Odpowiedzi podobne do “HTTP tylko cookie”

Pytania podobne do “HTTP tylko cookie”

Przeglądaj popularne odpowiedzi na kod według języka

Przeglądaj inne języki kodu