[web-devel] HttpOnly

Chris Smith cdsmith at gmail.com
Thu Jun 30 16:39:01 CEST 2011

On Jun 30, 2011 8:25 AM, "Chris Smith" <cdsmith at gmail.com> wrote:
> The kinds of cookies generated by clientsession are not really vulnerable
> cookie-stealing attacks anywa due to the encryption that goes on [...]

On further thought, I'm wrong about this... but the conclusion is the same;
those cookies definitely ought to be setting the http-only flag.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/web-devel/attachments/20110630/d664a5fa/attachment.htm>

More information about the web-devel mailing list