masterorb
asked on
Make all cookies HTTPOnly cookies in ColdFusion
Hello,
In ColdFusion, I want to make all of my cookies HttpOnly cookies, so that they are not accessible by JavaScript and not a vulnerability for Cross-Site Scripting. Does anyone know how to do this?
(Also, when these cookies are HttpOnly, they will no longer be considered "insecure," correct? I have been told that my cookies are insecure for SSL. I don't use SSL, so I want to make them HttpOnly so they are not marked insecure for something I am not even using!)
Thanks,
Ned
In ColdFusion, I want to make all of my cookies HttpOnly cookies, so that they are not accessible by JavaScript and not a vulnerability for Cross-Site Scripting. Does anyone know how to do this?
(Also, when these cookies are HttpOnly, they will no longer be considered "insecure," correct? I have been told that my cookies are insecure for SSL. I don't use SSL, so I want to make them HttpOnly so they are not marked insecure for something I am not even using!)
Thanks,
Ned
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yes
ASKER