httponly Questions

11

Solved

After reading Jeff's blog post on Protecting Your Cookies: HttpOnly, I'd like to implement HttpOnly cookies in my web application. How do you tell Tomcat to use http only cookies for sessions?
Dryad asked 28/8, 2008 at 21:9

1

Solved

I'm currently developing a mobile app using Flutter for iOS and Android for a customer whose application already exists for the web + has been set up in the form of a REST API already. The idea is t...

3

Problem I have a REST API that has a login endpoint. The login endpoint accepts a username and password, the server responds by sending a HTTPOnly Cookie containing some payload (like JWT). The app...
Selfsupporting asked 21/2, 2022 at 5:36

2

Solved

I need to have the 'HttpOnly' and 'Secure' attributes set to 'true' to prevent the CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute and CWE-402: Transmission of Private Resourc...
Tui asked 14/6, 2017 at 19:19

6

Solved

I'm running Apache 2.2.26: Server version: Apache/2.2.26 (Unix) Server built: Jan 17 2014 12:24:49 Cpanel::Easy::Apache v3.22.30 rev9999 +cloudlinux I'm attempting to use mod_headers to edit Set...
Glaze asked 9/6, 2014 at 21:16

5

Solved

Does the checkmark at the Http column of Chrome devtool's Cookie resource panel indicate a HttpOnly cookie? I can't find docs that confirm this, though I suspect it is the case. I am trying to ver...

8

Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. ...
Across asked 7/6, 2010 at 15:14

0

I'm new to cookies and I'm having an issue setting an HttpOnly cookie from server to web client. Here's my setup: Server is on domain: https://api.app.domain.com (express app), Web app is on domain: ht...
Piezochemistry asked 1/5, 2023 at 16:38

5

I have set the following property in websphere for the jsession cookie com.ibm.ws.webcontainer.HTTPOnlyCookies. Any idea how best to test this using JavaScript in Firefox or IE?
Episternum asked 30/11, 2010 at 17:22

11

Solved

How can I set the cookies in my PHP apps as HttpOnly cookies?
Myrmidon asked 31/8, 2008 at 14:27

3

I'm building an application in Laravel 5.1 for a client. After I finished the application I got back a pentest report which tells me to add a HttpOnly flag. I added 'secure' => true and 'http_onl...
Beyrouth asked 23/11, 2015 at 12:2

4

Solved

As the question says, can you find out if a cookie exists within JavaScript if it is a HttpOnly? I don't need to access the information inside of it, just know it has one. A little more information...
Alkalize asked 19/2, 2012 at 21:54

6

Solved

I'm looking to implement httpOnly in my legacy ASP classic sites. Does anyone know how to do it?
Licht asked 10/9, 2008 at 20:49

1

Solved

Sometimes*, when accessing document.cookie in the login page I get an empty string even though: cookies are listed in the Chrome and Firefox developer tools, httpOnly flag of cookie I'm interest...
Woodcutter asked 30/3, 2020 at 16:42

2

Solved

I send a request to the server to log in and get a cookie with a token value with the HTTP only tag. After this action I cannot access the cookie value in my React app, but I tested it in the Postman app and I can s...
Annihilator asked 23/8, 2019 at 21:42

4

Solved

I would like to turn off HttpOnly sessions which I believe are default for Spring Boot. How would I turn off HttpOnly on spring boot? I currently have code such as: @RequestMapping(value = "/st...
Latinity asked 15/3, 2014 at 18:50

1

Solved

I'd like to secure my SPA private routes with JWT authentication. To make everything as secure as possible, I wanted to use an httpOnly cookie to store my access_token on the client-side. U...
Balsamic asked 7/8, 2018 at 8:44

3

I have a web application which is running on a Tomcat 7 server. The cookie with session id has by default the flags HttpOnly and Secure. I want to disable these flags for the JSESSIONID cookie. But ...
Dnepropetrovsk asked 1/8, 2013 at 10:10

3

Solved

I am working on an XSS (cross site scripting) issue. My application runs on an Oracle Weblogic portal. We use Servlet version 2.5. I have added the below 3 lines of code in the filter for setting ...
Culinarian asked 19/3, 2013 at 21:1

1

Solved

Due to PCI regulations, most cookies in my application need to be secure and httponly. I have achieved that through this line in my Apache config file: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Se...
Suffruticose asked 15/12, 2016 at 21:49

4

Solved

In Ruby on Rails, how do I set the session cookie's httpOnly setting to false?
Ugric asked 21/4, 2010 at 1:11

2

I am working in a Windows Phone 8 PCL project. I am using a 3rd party REST API and I need to use a few HttpOnly cookies originated by the API. It seems like getting/accessing the HttpOnly cookies f...
Algernon asked 30/4, 2013 at 1:22

0

My project uses Google Tag Manager (GTM) to manage my Google Analytics (GA) code. Now, for some reasons, I need to add 'httponly' and 'secure' flags on cookies which GA generated, but I don't know how...
Pupillary asked 29/2, 2016 at 9:35

3

Solved

Is it possible to set the Django csrf cookie to be http-only? Similar to SESSION_COOKIE_HTTPONLY with the session cookie, but for the csrf one?
Orourke asked 2/6, 2012 at 11:1

3

Solved

In Servlet 3.0 compliant application servers I can set the HttpOnly and secure flags for the session cookie (JSESSIONID) by adding the following to the web.xml: <session-config> <cookie-...
Gaal asked 8/2, 2012 at 12:14
