Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions tagged [cookie-httponly]
199 questions
0
votes
1 answer
Unable to login in same address when hit the REST service using java
I hit the rest URL
https://db2adminpc1:9443/rest/bpm/wle/v1/search/query?organization=byInstance&run=true&shared=false&filterByCurrentUser=true
using HttpURLConnection class and I get the SJON data in inputstream.
But in my requirement when I hit…
Yogesh Raut
- 5
- 1
- 6
0
votes
1 answer
Missing HttpOnly Attribute for Session Identifier with HTTP protocol
Earlier I was getting HttpOnly for both HTTP/HTTPS protocol, but missing secure attribute.
In order to add "Secure" attribute, I added secure="true" in server.xml ’s Connector port syntax as below –
Jatin
- 197
- 2
- 5
- 17
0
votes
1 answer
Jboss 5.1 HttpOnly cookies , unable to logIn to the system
I added following line to my context.xml as discussed in This question and now all my cookies were set to secure and httponly.
but now when i logged in to the system it throw me out and said my session got expired.
system is running on 'Http' and is…
Sam
- 2,055
- 6
- 31
- 48
0
votes
1 answer
Php normal cookies vs httponly cookies precedence in $_COOKIE
I've noticed that when I setup in a script two cookies with the same name/domain but one using php setcookie, with httponly flag enabled, and the other using javascript code when I try to retrive the cookie value with the use of the $_COOKIE var I…
0
votes
2 answers
Cookie vs token based authentication for SPA?
I'm building an Single Page App using AngularJS and Spring for backend.
For the purpose of making my backend stateless, i recently researched on JWT(JSON Web Tokens). Now here's the confusion -
a. Should i send my JWT on response header to client…
Ansh Agarwal
- 171
- 2
- 13
0
votes
1 answer
Getting HttpOnly cookies. Returns only one when expecting multiple
I found a working solution to get HttpOnly cookies, however it only returns one cookie, while I expect multiple cookies.
Can somebody tell me what I do wrong?
private const Int32 InternetCookieHttponly = 0x2000;
[DllImport("wininet.dll",…
user3763117
- 327
- 1
- 5
- 18
0
votes
1 answer
CakePHP cookies are not secure and not httponly
Cookies in my app are not secured and not http only, but they are configured exactly as in example on CakePHP Book 2.0 - Session Configuration.
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 30,
…
wewo
- 700
- 7
- 16
0
votes
1 answer
Ajax call to a rest service behind an adfs
I am exposing some Rest services through an MVC 4 (.net) project.
They are deployed behing an adfs authentication server.
Other applications, that are behind the same ADFS are calling my services through ajax calls.
The problem is that the calls are…
dor.elmaliach
- 515
- 5
- 14
0
votes
1 answer
Is there a way to rewrite a cookie name in nginx?
I'm trying to logout the user by removing a cookie and redirect him to the home page.
Is it possible to do it without adding lua-nginx-module?
Vasu Adari
- 910
- 9
- 14
0
votes
1 answer
Defining cookie as secure and httponly in web config (Classic ASP, IIS 6.0).
I need to declare all ASP cookies as secure and httponly. The code is in Classic ASP and IIS ver is 6.0.
The cookie has been defined as…
0
votes
1 answer
Changes in Java 6 update 71 regarding httpOnly = true
We have observed the httpOnly attribute has some changes in java 6 Update 71, due to which my JSessionIDSSO cookie has the attribute httpOnly as true.
just need to check , has anyone faced the same issue ?
Now my JNLP application which uses…
gusainhimanshu
- 157
- 1
- 11
0
votes
1 answer
Set HttpOnly attribute of a cookie as "True" using javascript
I have a function in Javascript which sets a cookie like this:
document.cookie = "name='Name'" + ";EXPIRES=sometime" + ";PATH=$PATH" + ";DOMAIN=domain" + ";SECURE=''";
I want to set the HttpOnly attribute of the cookie as TRUE.
How do I do that in…
Krishnachandra Sharma
- 1,332
- 2
- 20
- 42
0
votes
1 answer
Using httpOnly cookies for device registration
I have a mobile website where, as part of my security measures, I want users to "register" their device, so I can limit the number of devices that users can have accessing the site. My thought was, for a "new" device, put them through a two-factor…
Danny Ackerman
- 997
- 1
- 10
- 25
0
votes
1 answer
Unable to get the session id from HTTP cookie in CookieContainer WP8 application
Preface:
I'm writing a windows phone 8 application, and one of my modules is responsible for communication over a remote server.
I'm using GET and POST methods using HttpWebRequest and HttpWebRequest.
I was also surprised to found out, that HTTP…
Erez
- 205
- 3
- 13
0
votes
1 answer
turning on https flag for cookie
So I am using this legacy application which is in php 4.
I am trying to set the httponly flag and secure flag on.
This is my code:
header( "Set-Cookie:". $cookieName."=".$sessId."; expires=".$expireSeconds."; sessionID=".$sessId.";path=".$path.";…
Micheal
- 2,272
- 10
- 49
- 93