You must Sign In to post a response.
  • Category: ASP.NET

    Cookies used by My ASP.NET application did not have the HTTPOnly flag set.

    Hi
    Cookies used by My ASP.NET application did not have the HTTPOnly flag set.
    This could allow a client-side script to access the cookie and reveal it to the attacker.
    How Can I Prevent that?
  • #769269
    There should be a reason behind that.
    Please read below article to see when and where you should not set HTTPOnly flag and modify your code accordingly.

    portswigger.net/knowledgebase/issues/details/00500600_cookiewithouthttponlyflagset


    Regards,
    Asheej T K


Sign In to post your comments