HttpOnly Flag not set

Table of Contents

🥺 Vulnerable Code
😎 Secure Code

Here is an example of code where httponly flag is not set with session token cookie:

🥺 Vulnerable Code #

Cookie cookie = new Cookie("sessionToken", sessionTokenValue); 
response.addCookie(cookie);

😎 Secure Code #

To secure the code, you can set the “HttpOnly” flag on the cookie to prevent it from being accessed by client-side scripts. This can help to mitigate certain types of cross-site scripting (XSS) attacks:

Cookie cookie = new Cookie("sessionToken", sessionTokenValue); 
cookie.setHttpOnly(true); 
response.addCookie(cookie);

Secure Code Explain

Vulnerability Explain

HttpOnly Flag not set

🥺 Vulnerable Code #

😎 Secure Code #

Leave a Reply Cancel reply

Useful Links

Recent Post

Subscribe Now

🥺 Vulnerable Code #

😎 Secure Code #

Share This Article :

Leave a Reply Cancel reply

Useful Links

Recent Post

Subscribe Now