Just received the results of a security audit - everything clear apart from two things
- Session cookie without http flag.
- Session cookie without secure flag set.
So how I can set the httpOnly flag and secure flag through jQuery?
Asked
Active
Viewed 211 times
-2
marc_s
- 732,580
- 175
- 1,330
- 1,459
-
Please show us what you've tried and the results from that. http://stackoverflow.com/help/how-to-ask – DevDonkey Dec 10 '14 at 17:44
-
You cannot set those types of cookies with jQuery. You can only set those on the server-side. – idbehold May 02 '16 at 16:48
1 Answers
1
Both needs to be configured at server before issuing cookie. You can read more about the security issues otherwise from OWASP documentation
kamoor
- 2,909
- 2
- 19
- 34