Setting the HttpOnly flag on a cookie prevents client-side scripts from reading that cookie's information.
In Java code, set the flag as shown below:
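// getMyCookie is a helper that returns the javax.servlet.http.Cookie to protect
Cookie cookie = getMyCookie("myCookieName");
cookie.setHttpOnly(true); // available since Servlet 3.0
response.addCookie(cookie); // response is the HttpServletResponse; the flag only reaches the browser when the cookie is sent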
The same effect can be configured for the session cookie in your application's WEB-INF/web.xml (Servlet 3.0 and later):
<session-config>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>
For more information, see:
https://www.owasp.org/index.php/HttpOnly