Sergii
Reputation: 749
HttpCookie.HttpOnly in .NET and JavaScript
Hello
A web site was developed and deployed to client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:
- Is Cookie available after setting flag in JavaScript?
- or maybe some restriction when I am using JavaScript?
- or do I need to make some changes in existing JavaScript?
Upvotes: 2
Views: 1091
Answers (1)
Josh Stodola
Reputation: 82483
The purpose of using HttpOnly is to prevent Javascript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.
Bottom line: if you need access to the cookie with Javascript you can not use HttpOnly.
Upvotes: 4
Related Questions
- HttpOnly always set to true on cookie I add
- The behaviour of HttpOnly cookie on aspx
- Setting session cookie to HttpOnly
- How exactly do you configure httpOnlyCookies in ASP.NET?
- asp.net cookie reading does not functioning (same page)
- ASP.NET Securing Cookie on HTTP and HTTPS
- httpOnlyCookies, does it only affect cookies created on the server?
- Question about HttpCookies
- Problem with HttpOnly Cookies
- How do you remove HttpOnly cookies?