A security audit of my site indicated a Missing HttpOnly attribute in Session
Cookie problem. If this is a security problem, then why does the useHttpOnly
attribute in Context default to false? I'm not specifically setting any
cookies...

On 28/02/2011 21:31, Leo Donahue - PLANDEVX wrote:
> A security audit of my site indicated a Missing HttpOnly attribute in
> Session Cookie problem. If this is a security problem,

In and of itself a missing httpOnly attribute is not a security
vulnerability. It is, however, a good idea to enable