<div>
but this may break your web site, if you are using cookie on client side as well...<br />
<br />

<blockquote>
When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden
</blockquote>
<br />
if thats the case, just ignore this warning...
</div>


but this may break your web site, if you are using cookie on client side as well...



> When you tag a cookie with the HttpOnly flag, it tells the browser that this particular cookie should only be accessed by the server. Any attempt to access the cookie from client script is strictly forbidden


if thats the case, just ignore this warning...

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
We have a login page that saves a cookie so that the username is stored and shows next time the user logs in. <br />
We ran a security scan and got the following alert:<br />
<br />
&quot;Cookie without 'httpOnly&quot; flag<br />
<br />
Below is the code for setting up the cookie. How can we resolve the issue of the alert?<br />
<br />

<pre><code id="code-10-29032187-1">        function createCookie(name, value, days) {
            if (days) {
                var date = new Date();
                date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
                var expires = &quot;; expires=&quot; + date.toGMTString();
            }
            else var expires = &quot;&quot;;
            document.cookie = name + &quot;=&quot; + value + expires + &quot;; path=/&quot;;
        }

        function eraseCookie(name) {
            createCookie(name, &quot;&quot;, -1);
        }</code></pre>
</div>
</div>


Hi,

We have a login page that saves a cookie so that the username is stored and shows next time the user logs in. 
We ran a security scan and got the following alert:

"Cookie without 'httpOnly" flag

Below is the code for setting up the cookie. How can we resolve the issue of the alert?

(CODE)

cookie flag

Web development includes all aspects of presenting content on intranets and the Internet, including delivery development, protocols, languages and standards, server software, browser clients, databases and multimedia generation.

Web Development

Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.

VBScript (Visual Basic Scripting Edition) is an interpreted scripting language developed by Microsoft that is modeled on Visual Basic, but with some important differences. VBScript is commonly used for automating administrative and other tasks in Windows operating systems (by means of the Windows Script Host) and for server-side scripting in ASP web applications. It is also used for client-side scripting in Internet Explorer, specifically in intranet web applications.

VB Script

JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and  in almost every mainstream web browser.

JavaScript

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.