Tag: HttpOnly

Cookie Not Marked as HttpOnly

HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against cross-site scripting attacks. Solution <session-config> <cookie-config> <http-only>true</http-only> </cookie-config> </session-config> NarayanaswamyHello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is […]