AeroGear / AEROGEAR-717

Enforce the "HTTPOnly" flag if the application doesn't need to access the cookie


Details

    • Feature Request
    • Resolution: Done
    • Major
    • 1.0.0.M8
    • 1.0.0.M7, 1.0.0.M8
    • controller, examples, security
    • None

    Description

      This prevents the browser from revealing a session cookie, protecting against XSS attacks and against users accidentally accessing a resource that exploits this flaw.


          People

            Bruno Oliveira Silva (Inactive)