Aleks
asked on
cookie flag
Hi,
We have a login page that saves a cookie so that the username is stored and shows next time the user logs in.
We ran a security scan and got the following alert:
"Cookie without 'httpOnly' flag"
Below is the code for setting up the cookie. How can we resolve the issue of the alert?
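function createCookie(name, value, days) {
    // Build the optional "expires" attribute; without it the cookie lasts for the session only.
    var expires = "";
    if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
        expires = "; expires=" + date.toUTCString(); // toGMTString() is deprecated
    }
    // Cookies written through document.cookie are always readable by page script.
    document.cookie = name + "=" + value + expires + "; path=/";
}
function eraseCookie(name) {
    // A date in the past makes the browser delete the cookie.
    createCookie(name, "", -1);
}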
ASKER CERTIFIED SOLUTION
ASKER
thx
if that's the case, just ignore this warning...
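Added example, not part of the original thread or any poster's code: browsers honour the HttpOnly attribute only on a Set-Cookie response header, so script writing to document.cookie cannot set it. The JavaScript below, for a Node.js server, builds such a header and re-checks it for the attribute the scan alert names; the function names buildSetCookie and auditSetCookie and the sample values are hypothetical.

```javascript
// Added example: names and sample values are hypothetical, not from the thread.
// Cookie names must be RFC 6265 tokens; values are percent-encoded here.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Build a Set-Cookie header value for the server's HTTP response.
function buildSetCookie(name, value, opts = {}) {
  if (!TOKEN.test(name)) throw new TypeError("invalid cookie name");
  const parts = [name + "=" + encodeURIComponent(value), "Path=" + (opts.path || "/")];
  if (Number.isFinite(opts.days)) {
    // A zero or negative lifetime tells the browser to delete the cookie.
    parts.push("Max-Age=" + Math.round(opts.days * 24 * 60 * 60));
  }
  if (opts.httpOnly !== false) parts.push("HttpOnly"); // hidden from document.cookie
  if (opts.secure !== false) parts.push("Secure");     // sent over HTTPS only
  parts.push("SameSite=" + (opts.sameSite || "Lax"));
  return parts.join("; ");
}

// Report which protective attributes a Set-Cookie header lacks,
// which is the condition the scan alert describes.
function auditSetCookie(header) {
  const attrs = header.split(";").slice(1)
    .map((a) => a.trim().split("=")[0].toLowerCase());
  return ["HttpOnly", "Secure", "SameSite"]
    .filter((flag) => !attrs.includes(flag.toLowerCase()));
}

// Constructed sample: the attributes createCookie() writes from page script.
const fromScript = "username=aleks; Path=/";
// The same cookie issued by the server for 30 days.
const fromServer = buildSetCookie("username", "aleks", { days: 30 });

console.log("script cookie is missing:", auditSetCookie(fromScript));
console.log("server header:", fromServer);
console.log("server cookie is missing:", auditSetCookie(fromServer));
```

A cookie issued this way is no longer visible to page script, so a login page that pre-fills the username would need the server to write the value into the form instead of reading document.cookie.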