MozillaWiki

WebAppSec/Secure Coding Guidelines: Difference between revisions

Page Discussion

WebAppSec/Secure Coding Guidelines (view source)

Revision as of 21:25, 5 November 2010

3 bytes removed ,  5 November 2010
→‎Secure Flag
Line 70: Line 70:
The "Secure" flag should be set during every set-cookie. This will instruct the browser to never send the cookie over HTTP. The purpose of this flag is to prevent the accidental exposure of a cookie value if a user follows an HTTP link.
The "Secure" flag should be set during every set-cookie. This will instruct the browser to never send the cookie over HTTP. The purpose of this flag is to prevent the accidental exposure of a cookie value if a user follows an HTTP link.


[https://wiki.mozilla.org/WebAppSec/Findings_Recommendations#Secure_Flag Code Examples]
[https://wiki.mozilla.org/WebAppSec/Secure_Coding_Details#Secure_Flag Code Examples]


===HTTP-Only Flag===
===HTTP-Only Flag===
Mcoates
Confirmed users
491

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/266079"