Make all cookies HTTPOnly cookies in ColdFusion

Posted on 2009-02-10
Last Modified: 2013-11-16

In ColdFusion, I want to make all of my cookies HttpOnly cookies, so that they are not accessible by JavaScript and not a vulnerability for Cross-Site Scripting. Does anyone know how to do this?

(Also, when these cookies are HttpOnly, they will no longer be considered "insecure," correct? I have been told that my cookies are insecure for SSL. I don't use SSL, so I want to make them HttpOnly so they are not marked insecure for something I am not even using!)


Question by: masterorb

    Accepted Solution

    You can use this:

    <cfheader name="Set-Cookie" value="safe=maybe;HttpOnly">

    (read the note about may be fixed..or not)

    Also know that some vuln scans (like PCI) will flag cftoken/cfide pairs as guessable and therefore insecure. Use jSessionid exclusively to avoid this.

    Author Comment

    Can I put that tag anywhere before the first <html> tag in the page?
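
Added example (not part of the original thread and not the participants' code): one way to apply the `cfheader` approach from the accepted solution to ColdFusion's own session cookies is to issue them from `Application.cfc`, which runs before any page output. It assumes the application uses CFID/CFTOKEN session cookies rather than J2EE session IDs; the application name and the `setHttpOnlyCookie` helper are hypothetical.

```cfml
<!--- Application.cfc: added example, not code from the thread --->
<cfcomponent output="false">

    <!--- Placeholder application name (assumption) --->
    <cfset this.name = "exampleApp">
    <cfset this.sessionManagement = true>

    <!--- Stop ColdFusion from writing CFID/CFTOKEN itself;
          they are re-issued below with the HttpOnly flag --->
    <cfset this.setClientCookies = false>

    <cffunction name="onSessionStart" returnType="void" output="false">
        <!--- Runs once per new session, before the requested page
              produces output, so the headers can still be added --->
        <cfset setHttpOnlyCookie("CFID", session.CFID)>
        <cfset setHttpOnlyCookie("CFTOKEN", session.CFTOKEN)>
    </cffunction>

    <!--- Hypothetical helper: adds one Set-Cookie header with HttpOnly.
          No Expires attribute is sent, so the browser drops the cookie
          when it closes. --->
    <cffunction name="setHttpOnlyCookie" access="private" returnType="void" output="false">
        <cfargument name="name" type="string" required="true">
        <cfargument name="value" type="string" required="true">
        <cfheader name="Set-Cookie"
                  value="#arguments.name#=#arguments.value#; Path=/; HttpOnly">
    </cffunction>

</cfcomponent>
```

HttpOnly only hides a cookie from script; the `Secure` attribute, which restricts a cookie to HTTPS connections, is a separate flag and is not set by this example.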