cookie (1,430)


security - The definitive guide to form-based website authentication

security - The definitive guide to form-based website authentication

Closed.This question needs to be more focused.It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by…


java - Resolving Session Fixation in JBoss

I need to prevent Session Fixation, a particular type of session hijacking, in a Java web application running in JBoss. However, it appears that the standard idiom doesn't work in JBoss. Can this be…


How do HttpOnly cookies work with AJAX requests?

JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly cookies work on an AJAX site? Edit: Microsoft created a way to prevent XSS attacks…


How do you configure HttpOnly cookies in tomcat/java webapps?

After reading Jeff's blog post on Protecting Your Cookies: HttpOnly. I'd like to implement HttpOnly cookies in my web application. How do you tell tomcat to use http only cookies for sessions?…


How exactly do you configure httpOnlyCookies in ASP.NET?

Inspired by this CodingHorror article, "Protecting Your Cookies: HttpOnly" How do you set this property? Somewhere in the web config?…


How do you set up use HttpOnly cookies in PHP

How can I set the cookies in my PHP apps as HttpOnly cookies?…


c# - Can I put an ASP.Net session ID in a hidden form field?

I'm using the Yahoo Uploader, part of the Yahoo UI Library, on my ASP.Net website to allow users to upload files. For those unfamiliar, the uploader works by using a Flash applet to give me more cont…



Secure session cookies in ASP.NET over HTTPS

I got a little curious after reading this/. article over hijacking HTTPS cookies. I tracked it down a bit, and a good resource I stumbled across lists a few ways to secure cookies here. Must I use a…


security - How exactly do you configure httpOnly Cookies in ASP Classic?

I'm looking to implement httpOnly in my legacy ASP classic sites. Anyone knows how to do it?…


ASP.Net: If I have the Session ID, Can I get the Session object?

This question is related to this one, though I think I was a little too long-winded there to really get a good answer. I'll keep this brief. I'm working on a web handler(ashx) that accepts a form po…




cookies session set how get not example javascript working request