Need help with HTTPOnly attribute...

Posted on 2010-01-07
Last Modified: 2012-05-08

I have code in the onSessionStart event that prevents JavaScript from accessing the session cookies through the use of the "HTTPOnly" attribute in the <cfheader> tag, and everything's working. But once I started adding code that ends the session when the user closes the browser (see code below), the code that prevents JavaScript from accessing the session cookies NO longer works.

Can someone please tell me how I can resolve this?

Many thanks in advance.

<cffunction name="onSessionStart" output="false" returntype="void">

	<!--- Code that ends the session when user closes browser --->
	<cfcookie name="CFID" value="#session.CFID#" />
	<cfcookie name="CFTOKEN" value="#session.CFTOKEN#" />

	<!--- HTTPOnly is a flag that tells the browser to only submit the cookie via HTTP requests, which means it cannot be accessed via JavaScript --->
	<cfheader name="Set-Cookie" value="CFID=#session.CFID#;HTTPOnly">
	<cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;HTTPOnly">

	<cfreturn />

</cffunction>



Question by: WebAppDeveloper

    Accepted Solution

    You cannot, I don't believe, end a session when the browser is closed.
    Many before you have asked this question ...
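
Added example (not part of the original question or answer): a Python check that models how a browser stores the Set-Cookie headers of one response, to show how setting CFID and CFTOKEN both with and without HTTPOnly can leave a copy that JavaScript can read. The header values and their order are constructed assumptions, and the function names are hypothetical.

```python
# Added example: models how a browser stores Set-Cookie headers (RFC 6265 rules,
# simplified: one host, no Domain/expiry handling) to find script-readable cookies.

def default_path(request_path):
    """RFC 6265 5.1.4: directory of the request path, or "/" at the top level."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

def parse_set_cookie(value, request_path):
    """Return (name, path, httponly) for one Set-Cookie header value."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0].strip()
    path, httponly = default_path(request_path), False
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "httponly":
            httponly = True
        elif key == "path" and val.strip().startswith("/"):
            path = val.strip()
    return name, path, httponly

def script_readable(set_cookie_values, request_path, watched=("CFID", "CFTOKEN")):
    """Names of watched cookies that end up stored without HttpOnly."""
    jar = {}
    for value in set_cookie_values:           # headers are processed in order
        name, path, httponly = parse_set_cookie(value, request_path)
        jar[(name, path)] = httponly          # same name + path: later replaces earlier
    return sorted({name for (name, _), flag in jar.items()
                   if name in watched and not flag})

# Constructed response headers (not captured from a real server): each cookie is
# set once with HTTPOnly and once without, as in the question's onSessionStart.
DUPLICATED = [
    "CFID=1234;HTTPOnly",
    "CFTOKEN=56789012;HTTPOnly",
    "CFID=1234;path=/",
    "CFTOKEN=56789012;path=/",
]
# Constructed headers where each cookie is set exactly once, with HTTPOnly.
SINGLE = ["CFID=1234;path=/;HTTPOnly", "CFTOKEN=56789012;path=/;HTTPOnly"]

if __name__ == "__main__":
    print(script_readable(DUPLICATED, "/index.cfm"))      # same path "/": last header wins
    print(script_readable(DUPLICATED, "/app/index.cfm"))  # two paths: both copies are stored
    print(script_readable(SINGLE, "/app/index.cfm"))
```

Run against the Set-Cookie values of a real response (for example copied from the browser's network tab), an empty result means every stored copy of the watched cookies carries HttpOnly.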

