[ic] HttpOnly cookie flag
Bill Carr
bill at bottlenose-wine.com
Wed Feb 2 15:14:32 UTC 2011
Hi ICers,
Is there any way in Interchange to set the HttpOnly flag on session cookies?
After installing mod_security on my Apache web servers, I have started getting warnings about this flag not being set on session cookies. Microsoft introduced the HttpOnly flag and it is now accepted by all major browsers. When set, the cookie data is not accessible by JavaScript, for example via document.cookie. This can help mitigate XSS attacks.
Bill Carr
Bottlenose - Wine & Spirits eBusiness Specialists
(413) 584-0400
http://www.bottlenose-wine.com
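The check behind the warning described above, as an added example that is not part of the original post and is not Interchange or mod_security code: it parses `Set-Cookie` header values, reports cookies sent without `HttpOnly`, and appends the attribute where it is absent. The function names and the sample headers (including the cookie names) are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as HttpOnly have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_httponly(header_values):
    """Return the names of cookies that were set without the HttpOnly attribute."""
    parsed = (parse_set_cookie(h) for h in header_values)
    return [name for name, _, attrs in parsed if "httponly" not in attrs]


def add_httponly(header_value):
    """Append HttpOnly to a Set-Cookie value if it is absent (idempotent)."""
    _, _, attrs = parse_set_cookie(header_value)
    if "httponly" in attrs:
        return header_value
    return header_value.rstrip().rstrip(";") + "; HttpOnly"


# Constructed sample headers, not captured from a real server.
SAMPLE_HEADERS = [
    "MV_SESSION_ID=aBcD1234:192.0.2.10; path=/",
    "prefs=compact; Path=/; Expires=Wed, 09 Feb 2011 15:14:32 GMT",
    "admin_sid=xyz; Path=/admin; Secure; httponly",
    # "httponly" appears here only as the cookie's value, not as an attribute.
    "flag=httponly; Path=/",
]

if __name__ == "__main__":
    for cookie_name in missing_httponly(SAMPLE_HEADERS):
        print("cookie set without HttpOnly:", cookie_name)
    for header in SAMPLE_HEADERS:
        print("Set-Cookie:", add_httponly(header))
```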