14 lines
706 B
Plaintext
14 lines
706 B
Plaintext
== HTTPOnly
|
|
|
|
* Disallows access to cookie in most modern browsers
|
|
** Even by the website that set the cookie in the first place
|
|
|
|
* HTTPOnly Cookies are still accessible through AJAX
|
|
** This is accomplished using the XmlHttpRequest object
|
|
** Cookie data can still be read from the headers
|
|
|
|
* Public web sites that support multiple browsers
|
|
* Use a client-side script to determine the browser version for a visitor
|
|
* The website can restrict sensitive information to visitors using browsers that mitigate cross site scripting attacks for cookies
|
|
* Visitors with browsers that do not support HTTPOnly cookies can be given limited information or functionality along with a request to upgrade their software
|